@n8n/backend-test-utils (=0.26.0), @n8n/db (=0.34.0) +2 more potentially affected by CVE-2026-25051 via n8n-core (=1.122.0)

n8n-core NPM version =1.122.0 is affected by a known vulnerability. The following packages have a transitive dependency on n8n-core and may be impacted: - @n8n/backend-test-utils =0.26.0 - @n8n/db =0.34.0 - @n8n/task-runner =1.59.0 - n8n-node-dev =1.121.0 Source cves: CVE-2026-25051 Source...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource via the Buffer.allocUnsafe and Buffer.allocUnsafeSlow functions in the task runner process. An attacker can access sensitive in-process memory contents by executing untrusted code that allocates uninitializ...

GHSA-49MX-FJ45-Q3P6 n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

CVE-2025-61917

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

CVE-2025-61917 n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

EUVD-2025-206795

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

CVE-2025-61917 n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

CVE-2025-61917

CVE-2025-61917 affects the open‑source workflow tool n8n (versions 1.65.0 through before 1.114.3). The root cause is the use of Buffer.allocUnsafe() / Buffer.allocUnsafeSlow() inside the Task Runner, allowing untrusted code to allocate uninitialized memory that may contain residual data (prior re...

CVE-2025-61917 n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...

PT-2026-5931

Name of the Vulnerable Software and Affected Versions n8n versions 1.65.0 through 1.114.2 Description n8n is a workflow automation platform. The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. This could result in...

PT-2026-6357

Impact The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process for example, data from prior requests, tasks, secrets, or tokens,...

PT-2026-6392

Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...

PT-2026-5953

Name of the Vulnerable Software and Affected Versions CyberArk Endpoint Privilege Manager Agent versions through 25.10.0 Description A local user can elevate privileges through policy elevation of an Administration task. This allows for privilege escalation. Recommendations Update CyberArk Endpoi...

EUVD-2025-206730

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task...

SUSE CVE-2026-23017

In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the inittask on load If the inittask fails during a driver load, we end up without vports and netdevs, effectively failing the entire process. In that state a subsequent reset will result in a crash as...