
8 matches found

OSV
added 2026/06/18 11:51 a.m. | 5 views

ROOT-APP-NPM-CVE-2026-54304 CVE-2026-54304 in @rootio/n8n - Patched by Root

Root has patched CVE-2026-54304 in the @rootio/n8n package for Root:npm. Multiple fixed versions available...

CVSS 7.1 | AI score 5.3 | EPSS 0.00375
Exploits 0

Vulnrichment
added 2026/05/04 6:38 p.m. | 3 views

CVE-2026-42235 n8n: XSS via MCP OAuth client

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that...

CVSS 8.8 | AI score 6 | EPSS 0.00332
Exploits 0 | References 1

Cvelist
added 2026/05/04 6:30 p.m. | 37 views

CVE-2026-42231 n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...

CVSS 9.4 | EPSS 0.00851
Exploits 1 | References 1

OSV
added 2026/03/26 4:41 p.m. | 4 views

GHSA-98C2-4CR3-4JC3 n8n has SQL Injection in Data Table Node via orderByColumn Expression

Impact: An authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement...

CVSS 9.9 | AI score 6.1 | EPSS 0.00423
Exploits 0 | References 3

Github Security Blog
added 2026/02/04 6:25 p.m. | 7 views

n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users

Impact: A vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of a...

CVSS 9.9 | AI score 5.4 | EPSS 0.00306
Exploits 0 | References 3 | Affected Software 1

ATTACKERKB
added 2026/02/04 4:47 p.m. | 4 views

CVE-2026-25053

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...

CVSS 9.4 | AI score 5.8 | EPSS 0.00568
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/02/04 4:47 p.m. | 3 views

CVE-2026-25052 n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users

n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical...

CVSS 9.4 | AI score 5.4 | EPSS 0.00306
Exploits 0 | References 1

Github Security Blog
added 2025/06/27 2:19 p.m. | 10 views

n8n allows open redirects via the /signin endpoint

Impact: This is an Open Redirect (CWE-601) vulnerability in the login flow of n8n. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to: - Phishing attacks by...

CVSS 5.4 | AI score 6.2 | EPSS 0.00193
Exploits 0 | References 6 | Affected Software 1