| CVE-2026-42233 | critical | 9.8 | 9.8 | | | | 1mo ago | n8n has SQL Injection in Oracle Database Node via Limit Field |
| CVE-2026-42235 | critical | 9.6 | 9.6 | | | | 1mo ago | n8n Vulnerable to XSS via MCP OAuth client |
| CVE-2026-44791 | critical | — | 9.5 | | | | 20d ago | n8n Has an XML Node Prototype Pollution Patch Bypass |
| CVE-2026-44790 | critical | — | 9.5 | | | | 20d ago | n8n Has an Arbitrary File Read via Git Node |
| CVE-2026-44789 | critical | — | 9.5 | | | | 20d ago | n8n: HTTP Request Node Pagination Prototype Pollution to RCE |
| CVE-2026-42237 | high | 8.8 | 8.8 | | | | 1mo ago | n8n has SQL Injection in Snowflake and MySQL Nodes |
| CVE-2026-42234 | high | 8.8 | 8.8 | | | | 1mo ago | n8n has a Python Task Runner Sandbox Escape Vulnerability |
| CVE-2026-42232 | high | 8.8 | 8.8 | | | | 1mo ago | n8n has XML Node Prototype Pollution that Leads to RCE |
| CVE-2026-42231 | high | 8.8 | 8.8 | | | | 1mo ago | n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE |
| CVE-2026-42229 | high | 8.8 | 8.8 | | | | 1mo ago | n8n has SQL Injection in SeaTable Node |
| CVE-2026-45732 | high | — | 8.0 | | | | 20d ago | n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints |
| CVE-2026-44792 | high | — | 8.0 | | | | 20d ago | n8n Has a Source Control Pull SQL Injection |
| CVE-2026-42236 | high | 7.5 | 7.5 | | | | 1mo ago | n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration |
| CVE-2026-42226 | high | 7.5 | 7.5 | | | | 1mo ago | n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay |
| CVE-2026-42228 | medium | 6.5 | 6.5 | | | | 1mo ago | n8n Vulnerable to Hijacking of Unauthenticated Chat Execution |
| CVE-2026-42227 | medium | 6.5 | 6.5 | | | | 1mo ago | n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure |
| CVE-2026-42230 | medium | 6.1 | 6.1 | | | | 1mo ago | n8n has Open Redirect in MCP OAuth Consent Flow |
| CVE-2025-68613 | unknown | — | 2.5 | | | | 5mo ago | n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. |
| CVE-2026-33751 | unknown | — | — | | | | 2mo ago | n8n Vulnerable to LDAP Filter Injection in LDAP Node |
| CVE-2026-33749 | unknown | — | — | | | | 2mo ago | n8n Vulnerable to XSS via Binary Data Inline HTML Rendering |
| CVE-2026-33713 | unknown | — | — | | | | 2mo ago | n8n has SQL Injection in Data Table Node via orderByColumn Expression |
| CVE-2026-33696 | unknown | — | — | | | | 2mo ago | n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE |
| CVE-2026-33724 | unknown | — | — | | | | 2mo ago | n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no |
| CVE-2026-33722 | unknown | — | — | | | | 2mo ago | n8n Has External Secrets Authorization Bypass in Credential Saving |
| CVE-2026-33720 | unknown | — | — | | | | 2mo ago | n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK |
| CVE-2026-33665 | unknown | — | — | | | | 2mo ago | n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover |
| CVE-2026-33663 | unknown | — | — | | | | 2mo ago | n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition |
| CVE-2026-33660 | unknown | — | — | | | | 2mo ago | n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode |
| CVE-2026-27496 | unknown | — | — | | | | 2mo ago | n8n has In-Process Memory Disclosure in its Task Runner |
| CVE-2026-27578 | unknown | — | — | | | | 3mo ago | n8n Vulnerable to Stored XSS via Various Nodes |
| CVE-2026-27577 | unknown | — | — | | | | 3mo ago | n8n: Expression Sandbox Escape Leads to RCE |
| CVE-2026-27498 | unknown | — | — | | | | 3mo ago | n8n has Arbitrary Command Execution via File Write and Git Operations |
| CVE-2026-27497 | unknown | — | — | | | | 3mo ago | n8n has Potential Remote Code Execution via Merge Node |
| CVE-2026-27495 | unknown | — | — | | | | 3mo ago | n8n has a Sandbox Escape in its JavaScript Task Runner |
| CVE-2026-27494 | unknown | — | — | | | | 3mo ago | n8n has Arbitrary File Read via Python Code Node Sandbox Escape |
| CVE-2026-27493 | unknown | — | — | | | | 3mo ago | n8n has Unauthenticated Expression Evaluation via Form Node |
| CVE-2026-25631 | unknown | — | — | | | | 4mo ago | n8n's domain allowlist bypass enables credential exfiltration |
| CVE-2026-25115 | unknown | — | — | | | | 4mo ago | n8n has a Python sandbox escape |
| CVE-2026-25056 | unknown | — | — | | | | 4mo ago | n8n Merge Node has Arbitrary File Write leading to RCE |
| CVE-2026-25055 | unknown | — | — | | | | 4mo ago | n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node |
| CVE-2026-25054 | unknown | — | — | | | | 4mo ago | n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI |
| CVE-2026-25053 | unknown | — | — | | | | 4mo ago | n8n has OS Command Injection in Git Node |
| CVE-2026-25052 | unknown | — | — | | | | 4mo ago | n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users |
| CVE-2026-25051 | unknown | — | — | | | | 4mo ago | n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS |
| CVE-2026-25049 | unknown | — | — | | | | 4mo ago | n8n Has Expression Escape Vulnerability Leading to RCE |
| CVE-2026-21893 | unknown | — | — | | | | 4mo ago | n8n Vulnerable to Command Injection in Community Package Installation |
| CVE-2025-61917 | unknown | — | — | | | | 4mo ago | n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner |
| CVE-2026-1470 | unknown | — | — | | | | 4mo ago | n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution |
| CVE-2025-68949 | unknown | — | — | | | | 5mo ago | n8n: Webhook Node IP Whitelist Bypass via Partial String Matching |
| CVE-2026-21894 | unknown | — | — | | | | 5mo ago | n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks |
| CVE-2026-21858 | unknown | — | — | | | | 5mo ago | n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling |
| CVE-2026-21877 | unknown | — | — | | | | 5mo ago | n8n Vulnerable to RCE via Arbitrary File Write |
| CVE-2025-68697 | unknown | — | — | | | | 5mo ago | Self-hosted n8n has Legacy Code node that enables arbitrary file read/write |
| CVE-2025-68668 | unknown | — | — | | | | 5mo ago | n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node |
| CVE-2025-61914 | unknown | — | — | | | | 5mo ago | n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox |
| CVE-2025-65964 | unknown | — | — | | | | 6mo ago | n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook |
| CVE-2025-62726 | unknown | — | — | | | | 7mo ago | n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook |
| CVE-2025-58177 | unknown | — | — | | | | 9mo ago | Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter |
| CVE-2025-57749 | unknown | — | — | | | | 10mo ago | n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files |
| CVE-2025-52478 | unknown | — | — | | | | 10mo ago | Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source |
| CVE-2025-52554 | unknown | — | — | | | | 11mo ago | n8n is vulnerable to Improper Authorization through its `/stop` endpoint |
| CVE-2025-49595 | unknown | — | — | | | | 11mo ago | n8n Vulnerable to Denial of Service via Malformed Binary Data Requests |
| CVE-2025-49592 | unknown | — | — | | | | 11mo ago | n8n allows open redirects via the /signin endpoint |
| CVE-2025-46343 | unknown | — | — | | | | 1y ago | n8n Vulnerable to Stored XSS through Attachments View Endpoint |
| CVE-2023-27563 | unknown | — | — | | | | 3y ago | n8n Privilege Escalation vulnerability |
| CVE-2023-27564 | unknown | — | — | | | | 3y ago | n8n Information Disclosure vulnerability |
| CVE-2023-27562 | unknown | — | — | | | | 3y ago | n8n Directory Traversal vulnerability |