MAL-2026-4618 Malicious code in n8n-nodes-whatsapp-business-api-by-automations-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a012be4fda5d6832fa3f4b404fd0026c0b351642260408e7f4fbb955e48b38a8 Package presents itself as an n8n node for the WhatsApp Business API Meta Graph. Instead of calling graph.facebook.com, every request — credential...

n8n Node.js Package < 1.123.32 / 2.x < 2.17.4 / 2.18.x < 2.18.1 XML Node Prototype Pollution RCE (GHSA-hqr4-h3xv-9m3r)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.32, 2.x prior to 2.17.4, or 2.18.x prior to 2.18.1. It is, therefore, affected by a remote code execution vulnerability: - An authorized user with workflow creation or modification capabilities can exploit...

n8n Node.js Package < 1.121.0 Domain Allowlist Bypass / Credential Exfiltration (CVE-2026-25631)

The version of the n8n Node.js Package installed on the remote host is prior to 1.121.0. It is, therefore, affected by a credential exfiltration vulnerability: - A vulnerability in the HTTP Request node's credential domain validation allows an authenticated attacker to send requests with...

n8n Node.js Package 2.x < 2.4.8 Python Sandbox Escape (CVE-2026-25115)

The version of the n8n Node.js Package installed on the remote host is 2.x prior to 2.4.8. It is, therefore, affected by a remote code execution vulnerability: - A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code...

@n8n/backend-test-utils (=0.26.0), @n8n/db (=0.34.0) +2 more potentially affected by CVE-2026-25051 via n8n-core (=1.122.0)

n8n-core NPM version =1.122.0 is affected by a known vulnerability. The following packages have a transitive dependency on n8n-core and may be impacted: - @n8n/backend-test-utils =0.26.0 - @n8n/db =0.34.0 - @n8n/task-runner =1.59.0 - n8n-node-dev =1.121.0 Source cves: CVE-2026-25051 Source...

MAL-2026-540 Malicious code in n8n-nodes-xkwqpzrt-jmflhvbn-dsyocgxwmkelpt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9aa71b86b24db0a3a609b749d0b80b7868fa8adac9950d7898460f643ecf14c The package n8n-nodes-xkwqpzrt-jmflhvbn-dsyocgxwmkelpt was found to contain malicious code. Source: ghsa-malware...

Malicious code in @diendh/n8n-nodes-tiktok-v2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16a12e0244dc2ac8964ace7fecf5dab971eb0b394e2979bce9a3e12ce33b01ce The package @diendh/n8n-nodes-tiktok-v2 was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview n8n-nodes-xkwqpzrt-jmflhvbn-dsyocgxwmkelpt is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of...

Malicious Package

Overview n8n-nodes-rooyai-model is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of the...

Malicious Package

Overview @diendh/n8n-nodes-tiktok-v2 is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of the...

Malicious Package

Overview n8n-nodes-danev-test-project is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of the...

Malicious Package

Overview n8n-nodes-zl-vietts is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of the n8n-nodes-zl-vietts...

Malicious Package

Overview n8n-nodes-gg-udhasudsh-hgjkhg-official is a malicious package. This package leverages n8n workflow automation disguising as a n8n community node to exfiltrate OAuth tokens, API keys, and sensitive credentials of integrated services. Remediation Avoid using all malicious instances of the...

EUVD-2026-1822

Malicious code in n8n-nodes-vbmkajdsa-uehfitvv-ueqjhhhksdlkkmz npm...

MAL-2025-191399 Malicious code in n8n-nodes-viral-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b674c80512825238bef8f46f867856034796bf31343fa3c9e20f4b74e9b6da8f The package n8n-nodes-viral-app was found to contain malicious code. Source: google-open-source-security...

@n8n/task-runner (>=1.37.0 <=1.42.3), n8n-node-dev (>=1.0.0 <=1.104.3) +10 more potentially affected by CVE-2025-57749 via n8n-core (>=1.0.0 <=1.105.3)

n8n-core NPM version =1.0.0, =1.37.0, =1.0.0, =0.1.0, =0.3.3, =0.3.1, =1.1.0, =0.1.4, =0.4.10, =0.2.0, =0.1.0, =0.4.28 Source cves: CVE-2025-57749 Source advisory: SNYK:JS-N8NCORE-12081401...