n8n-io/n8n vulnerabilities
77 known vulnerabilities affecting n8n-io/n8n.
Total CVEs: 77
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 19, HIGH 31, MEDIUM 27
Vulnerabilities
Page 2 of 4
CVE-2026-27497 | P2 | HIGH | CVSS 8.8 | CWE-89 | fixed in 1.123.22 | affected: >= 2.0.0, < 2.9.3 (+1 more) | 2026-02-25
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.2
Source: NVD
CVE-2026-25055 | P2 | HIGH | CVSS 8.1 | CWE-22 | fixed in 1.123.12 | fixed in 2.4.0 | 2026-02-04
n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended locations on those remote systems, potentially leading to remote code execut
Source: NVD
CVE-2026-42233 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 1.123.32 | affected: >= 2.17.0, < 2.17.4 (+1 more) | 2026-05-04
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization or parameterization. In workflows where external input
Source: NVD
CVE-2026-33660 | P2 | HIGH | CVSS 8.8 | CWE-94 | fixed in 1.123.27 | affected: >= 2.0.0-rc.0, < 2.13.3 (+1 more) | 2026-03-25
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statem
Source: NVD
CVE-2026-33696 | P2 | HIGH | CVSS 8.8 | CWE-1321 | fixed in 1.123.27 | affected: >= 2.0.0-rc.0, < 2.13.3 (+1 more) | 2026-03-25
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part of node configuration, an attacker could write attacker
Source: NVD
CVE-2026-42235 | P2 | CRITICAL | CVSS 9.6 | CWE-79 | fixed in 1.123.32 | affected: >= 2.17.0, < 2.17.4 (+1 more) | 2026-05-04
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected
Source: NVD
CVE-2026-44790 | P2 | HIGH | CVSS 8.8 | CWE-88 | fixed in 1.123.43 | affected: >= 2.0.0-rc.0, < 2.20.7 (+1 more) | 2026-06-23
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation, allowing an attacker to read arbitrary files from the n8n server, potentially leading to full compromise. This vulnerability is fixed in 1.1
Source: NVD
CVE-2026-42234 | P2 | HIGH | CVSS 8.8 | CWE-94 | fixed in 1.123.32 | affected: >= 2.17.0, < 2.17.4 (+1 more) | 2026-05-04
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is
Source: NVD
CVE-2025-65964 | P3 | HIGH | CVSS 8.8 | CWE-829 | affected: >= 0.123.1, < 1.119.2 | 2025-12-09
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can point to a malicious Git hook that executes arbitrary comma
Source: NVD
CVE-2026-49444 | P3 | HIGH | CVSS 8.5 | CWE-20 | fixed in 1.123.48 | affected: >= 2.0.0-rc.0, < 2.21.8 (+1 more) | 2026-06-23
n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerability is fixed in 1.123.48, 2.21.8, and 2.22.4.
Source: NVD
CVE-2026-44792 | P3 | CRITICAL | CVSS 9.0 | CWE-89 | fixed in 1.123.43 | affected: >= 2.0.0-rc.0, < 2.20.7 (+1 more) | 2026-06-23
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file a
Source: NVD
CVE-2026-42232 | P3 | HIGH | CVSS 8.8 | CWE-1321 | fixed in 1.123.43 | affected: >= 2.0.0-rc.0, < 2.20.7 (+1 more) | 2026-05-04
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node, leading to RCE when combined with other nodes exploiting the prototype pollution. This issue has been patched in versions 1.123
Source: NVD
CVE-2026-33713 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 1.123.26 | affected: >= 2.0.0-rc.0, < 2.13.3 (+1 more) | 2026-03-25
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On the default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On Postgr
Source: NVD
CVE-2026-45732 | P3 | HIGH | CVSS 8.1 | CWE-639 | fixed in 1.123.43 | affected: >= 2.0.0-rc.0, < 2.20.7 (+1 more) | 2026-06-23
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token m
Source: NVD
CVE-2026-42229 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 1.123.32 | affected: >= 2.17.0, < 2.17.4 (+1 more) | 2026-05-04
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into th
Source: NVD
CVE-2026-42237 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 1.123.32 | affected: >= 2.17.0, < 2.17.4 (+1 more) | 2026-05-04
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escap
Source: NVD
CVE-2026-33749 | P3 | CRITICAL | CVSS 9.0 | CWE-79 | fixed in 1.123.27 | affected: >= 2.0.0-rc.0, < 2.13.3 (+1 more) | 2026-03-25
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endpoint served such responses inline on the n8n origin without `Content-Di
Source: NVD
CVE-2026-21893 | P3 | HIGH | CVSS 7.2 | CWE-20 | affected: >= 0.187.0, < 1.120.3 | 2026-02-04
n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n's community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This iss
Source: NVD
CVE-2026-33665 | P3 | HIGH | CVSS 7.5 | CWE-287 | fixed in 1.121.0 | affected: >= 2.0.0-rc.0, < 2.4.0 | 2026-03-25
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to m
Source: NVD
CVE-2026-54312 | P3 | HIGH | CVSS 8.5 | CWE-1321 | fixed in 2.24.0 | 2026-06-23
n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype process-wide for the lifetime of the n8n server process, causin
Source: NVD