Lucene search
K

47 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-56354

n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...

5.4CVSS0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40453

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.5 views

CVE-2026-56356

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

5.4CVSS5.6AI score0.00177EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 11:53 a.m.7 views

CVE-2026-56358

The CVE affects n8n before 1.123.25 (1.x) and before 2.11.2 (2.x); a stored XSS exists in the Form Trigger node due to a CSS sanitization flaw. Authenticated users with workflow creation permissions can inject XSS payloads that persist for all form visitors, enabling form hijacking and phishing. ...

5.4CVSS5.7AI score0.00144EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 11:53 a.m.27 views

CVE-2026-56351

CVE-2026-56351 affects n8n prior to 2.4.0. A SQL injection exists in the MySQL, PostgreSQL, and Microsoft SQL nodes, where unescaped identifier values in node configuration parameters can be exploited by an authenticated user with workflow-creation permissions to inject arbitrary SQL and compromi...

9.6CVSS6.1AI score0.00217EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 11:34 p.m.12 views

n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

Impact An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard...

7.7CVSS5.3AI score0.00353EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 10:39 p.m.7 views

GHSA-JWM3-QCFW-C5PP n8n: Python Code Node AST Validator Bypass

Impact An authenticated user with permission to create or modify workflows containing a Python Code node could bypass the AST security validator and access the task executor module namespace. On self-hosted instances where N8NBLOCKRUNNERENVACCESS=false is set, this extended to disclosure of...

5.3CVSS5.5AI score0.00245EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 6:59 p.m.21 views

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

Impact An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with...

7.7CVSS5.3AI score0.0026EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:37 p.m.10 views

n8n: Git Node Clone and Push Operations Bypass File Sandbox

Impact An authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8NRESTRICTFILEACCESSTO file sandbox. This allowed the...

7.7CVSS5.3AI score0.00495EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-50150

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.48 n8n versions prior to 2.21.8 n8n versions prior to 2.22.4 Description An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary...

8.5CVSS6.5AI score0.00356EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-50178

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with permissions to create or modify workflows can achieve global prototype pollution through the Microsoft SQL node. By providing a crafted value to the table parameter, the...

8.5CVSS5.9AI score0.00294EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/29 9:25 p.m.31 views

n8n has XML Node Prototype Pollution that to RCE

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. Patches The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Use...

9.4CVSS5.3AI score0.00478EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/29 9:25 p.m.7 views

Prototype Pollution

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Prototype Pollution via the xml2js used for parsing XML request bodies in webhook handlers. An authenticated attacker with permission to create or modify workflows could exploit this to pollute the...

9.9CVSS6.3AI score0.00851EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 9:25 p.m.5 views

GHSA-Q5F4-99JV-PGG5 n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE

Impact A flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining t...

10CVSS6.4AI score0.00851EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from server-side request forgery in the Kibana One workflow. This vulnerability could allow authenticated users with permission to create and...

7.7CVSS5.9AI score0.00226EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/27 6:6 p.m.3 views

Open Redirect

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Open Redirect via the Form Node when an authenticated user with workflow creation or modification permissions configures an unsanitized HTML description field or leverages an overly permissive ifram...

5.9CVSS6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.2 views

CVE-2026-27496

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.4 views

CVE-2026-33696

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted parameters as part...

9.4CVSS6.5AI score0.00765EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/25 5:0 p.m.6 views

n8n has In-Process Memory Disclosure in its Task Runner

Impact An authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens —...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/26 10:34 p.m.8 views

CVE-2026-27577

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...

9.9CVSS5.8AI score0.97875EPSS
Exploits29References1
Rows per page
Query Builder