57 matches found
CVE-2026-56354
n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...
CVE-2026-56354 n8n - Cross-Site Scripting and Open Redirect in Form Node
n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...
nodejs: Node.js: Certification validation bypass in TLS host verification
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...
EUVD-2026-31940
nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint /auth/v1/introspectaccesstoken accepts any JWT signed by a key present on the node, without validating the JWT type, issuer-to-key binding, or required claims...
GHSA-MP4J-H6GH-F6MP n8n has SQL Injection in SeaTable Node
Impact A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...
Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution
Summary A command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync without proper sanitization, enabling remote code execution when the...
LDAP Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to LDAP Injection via the LDAP node's filter escape. An attacker can retrieve unauthorized LDAP records or bypass authentication checks by injecting specially crafted input into LDAP search parameters...
CVE-2026-33751
The CVE-2026-33751 vulnerability affects n8n's LDAP node where filter escape logic fails to escape metacharacters when user-controlled input is interpolated into LDAP search filters. This can allow manipulation of the LDAP search filter, potentially exposing unintended records or bypassing authen...
@goldenqueen/bai (>=1.0.0 <=1.0.3), @khineeyouu/baileys (>=0.2.1 <=0.2.24) +10 more potentially affected by unknown CVE via @yaoii-bails/libsignall-node (=0.0.1-security)
@yaoii-bails/libsignall-node NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on @yaoii-bails/libsignall-node and may be impacted: - @goldenqueen/bai =1.0.0, =0.2.1, =2.0.16, =17.1.12, =1.0.13, =1.0.23, =1.0.24 - nopedorex =1.0....
@goldenqueen/bai (>=1.0.0 <=1.0.3), @khineeyouu/baileys (>=0.2.1 <=0.2.24) +10 more potentially affected by unknown CVE via @yaoii-bails/libsignall-node (=0.0.1-security)
@yaoii-bails/libsignall-node NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on @yaoii-bails/libsignall-node and may be impacted: - @goldenqueen/bai =1.0.0, =0.2.1, =2.0.16, =17.1.12, =1.0.13, =1.0.23, =1.0.24 - nopedorex =1.0....
CLEANSTART-2026-JY06700 vulnerability has been identified in Node
Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details...
CVE-2026-27493
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
CVE-2026-27494
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python...
CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
CVE-2026-25053 n8n is Vulnerable to OS Command Injection in Git Node
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...
EUVD-2026-5418
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...
@backstage/plugin-search-backend-module-techdocs (>=0.4.9-next.0 <=0.4.9-next.1), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-20251222025103 <=2.1.4-next.2) +2 more potentially affected by CVE-2026-25153 via @backstage/plugin-techdocs-node (>=1.0.0 <=1.13.11-next.0)
@backstage/plugin-techdocs-node NPM version =1.0.0, =0.4.9-next.0, =0.0.0-nightly-20251222025103, =0.11.13, =0.0.0-nightly-20241120023536, =1.10.4-next.2 Source cves: CVE-2026-25153 Source advisory: SNYK:JS-BACKSTAGEPLUGINTECHDOCSNODE-15166604...
Server-side Request Forgery (SSRF)
Overview @sveltejs/adapter-node is an Adapter for SvelteKit apps that generates a standalone Node server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper decoding of protocol headers in resolved path. An attacker can cause the server process...
Arbitrary File Upload
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary File Upload via the Git Node. An authenticated user can achieve execution of untrusted code by uploading malicious files that are subsequently executed by the service. This can lead to ful...