5 matches found

Cvelist
added 2026/05/04 6:38 p.m. | 30 views

CVE-2026-42236 n8n: Unauthenticated Denial of Service via MCP Client Registration

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...

CVSS 8.7 | EPSS 0.00487
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/04 6:27 p.m. | 3 views

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

CVSS 5.3 | AI score 5.8 | EPSS 0.00342
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/04 6:26 p.m. | 35 views

CVE-2026-42227 n8n: Public API Variables IDOR Allows Cross-Project Secret Disclosure

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

CVSS 6 | EPSS 0.00203
Exploits: 0 | References: 1

CNNVD
added 2026/05/04 12:0 a.m. | 10 views

n8n Security Vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the /chatWebSocket endpoint in the Chat Trigger node’s Hosted Chat feature, which did not verify...

CVSS 6.5 | AI score 6.1 | EPSS 0.00383
Exploits: 1 | References: 2

OSV
added 2026/04/29 9:10 p.m. | 7 views

GHSA-MP4J-H6GH-F6MP n8n has SQL Injection in SeaTable Node

Impact: A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...

CVSS 6.8 | AI score 5.8 | EPSS 0.00342
Exploits: 0 | References: 3