| CVE-2026-42237 |
high |
8.8 |
8.8 |
|
|
|
1mo ago |
n8n has SQL Injection in Snowflake and MySQL Nodes |
| CVE-2026-42234 |
high |
8.8 |
8.8 |
|
|
|
1mo ago |
n8n has a Python Task Runner Sandbox Escape Vulnerability |
| CVE-2026-42232 |
high |
8.8 |
8.8 |
|
|
|
1mo ago |
n8n has XML Node Prototype Pollution that to RCE |
| CVE-2026-42231 |
high |
8.8 |
8.8 |
|
|
|
1mo ago |
n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE |
| CVE-2026-42229 |
high |
8.8 |
8.8 |
|
|
|
1mo ago |
n8n has SQL Injection in SeaTable Node |
| CVE-2026-45732 |
high |
— |
8.0 |
|
|
|
21d ago |
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints |
| CVE-2026-44792 |
high |
— |
8.0 |
|
|
|
21d ago |
n8n Has a Source Control Pull SQL Injection |
| CVE-2026-42236 |
high |
7.5 |
7.5 |
|
|
|
1mo ago |
n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration |
| CVE-2026-42226 |
high |
7.5 |
7.5 |
|
|
|
1mo ago |
n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay |
| CVE-2025-68613 |
unknown |
— |
2.5 |
|
|
|
5mo ago |
n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. |
