n8n
npm69 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting n8npage 2 of 2
- CVE-2026-54301MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Conten…
- CVE-2026-54302MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webh…
- CVE-2026-54303MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.24.02026-06-16
n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabl…
- CVE-2026-54304HIGHCVSS 7.7EG 7.7✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could …
- CVE-2026-54305CRITICALCVSS 9.9EG 9.9✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope…
- CVE-2026-54306MEDIUMCVSS 6.4EG 6.4✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object cop…
- CVE-2026-54307CRITICALCVSS 9.6EG 9.6✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credentia…
- CVE-2026-54308HIGHCVSS 7.2EG 7.2✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL …
- CVE-2026-54309CRITICALCVSS 10.0EG 10.0✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. A…
- CVE-2026-54310CRITICALCVSS 9.9EG 9.9✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allow…
- CVE-2026-54311HIGHCVSS 7.7EG 7.7✓ Fixed in 2.25.72026-06-16
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox cont…
- CVE-2026-54312HIGHCVSS 8.5EG 8.5✓ Fixed in 2.24.02026-06-16
n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as th…
- CVE-2026-54313HIGHCVSS 7.7EG 7.7✓ Fixed in 2.24.02026-06-16
n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before…
- CVE-2026-54314HIGHCVSS 7.5EG 7.5✓ Fixed in 2.24.02026-06-16
n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated att…
- CVE-2026-56348CRITICALCVSS 9.9EG 9.9✓ Fixed in 2.20.02026-05-19
n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential ac…
- CVE-2026-56350HIGHCVSS 7.7EG 6.3✓ Fixed in 2.8.02026-07-01
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizationa…
- CVE-2026-56357MEDIUMCVSS 5.3EG 4.0✓ Fixed in 2.5.02026-02-26
n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to tri…
- CVE-2026-56776HIGHCVSS 7.4EG 7.4✓ Fixed in 1.123.552026-07-08
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/{workflowId}/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user w…
- CVE-2026-56777MEDIUMCVSS 5.0EG 5.0✓ Fixed in 2.26.22026-07-01
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypa…
Check whether n8n is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for n8n CVEs against the assets you own.
Start Free Scan →