N8n-io N8n
58 CVEs affecting N8n-io N8n. Latest disclosed: 2026-05-04. Critical: 6, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-21877 | Critical | 10.0 | 2026-01-08 | n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8… |
| CVE-2026-21858 | Critical | 10.0 | 2026-01-07 | n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server… |
| CVE-2025-68613 | Critical | 10.0 | 2025-12-19 | n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Ex… |
| CVE-2025-68668 | Critical | 9.9 | 2025-12-26 | n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses… |
| CVE-2026-42233 | Critical | 9.8 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allow… |
| CVE-2026-42235 | Critical | 9.6 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP… |
| CVE-2026-42237 | High | 8.8 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake… |
| CVE-2026-42234 | High | 8.8 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify w… |
| CVE-2026-42232 | High | 8.8 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify w… |
| CVE-2026-42231 | High | 8.8 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodi… |
| CVE-2026-42229 | High | 8.8 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operat… |
| CVE-2025-62726 | High | 8.8 | 2025-10-30 | n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both… |
| CVE-2025-52478 | High | 8.7 | 2025-08-19 | n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in t… |
| CVE-2025-61917 | High | 7.7 | 2026-02-04 | n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the… |
| CVE-2026-42236 | High | 7.5 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthe… |
| CVE-2026-42226 | High | 7.5 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the aut… |
| CVE-2025-61914 | High | 7.3 | 2025-12-26 | n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the… |
| CVE-2025-68697 | High | 7.1 | 2025-12-26 | n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy (non-task-runner) J… |
| CVE-2026-42228 | Medium | 6.5 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node'… |
| CVE-2026-42227 | Medium | 6.5 | 2026-05-04 | n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variab… |