3 matches found
CVE-2026-54310
CVE-2026-54310 affects n8n, specifically the TimescaleDB and legacy Postgres v1 nodes. An authenticated user who can create or modify workflows could supply crafted parameters to these nodes, enabling arbitrary SQL injection and execution against the connected database within the privileges of th...
CVE-2026-27495
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...
CVE-2026-21894 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...