Vulnerability in N8n-io N8n

CVE-2026-27496

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory bu…

EPSS: 0.000 (12.6th percentile) — read the EPSS interpretation.

Affected products

N8n-io N8n — versions < 1.123.22, >= 2.0.0-rc.0, < 2.9.3, >= 2.10.0, < 2.10.1

Weakness classification (CWE)

CWE-908 — Use of Uninitialized Resource

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-xvh5-5qg4-x9qp (x_refsource_CONFIRM)
https://docs.n8n.io/hosting/configuration/task-runners (x_refsource_MISC)
https://docs.n8n.io/hosting/securing/blocking-nodes (x_refsource_MISC)