cvebase

N8N-Io N8N vulnerabilities

77 known vulnerabilities affecting n8n-io/n8n.

Total CVEs: 77
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 19, HIGH 31, MEDIUM 27

Vulnerabilities

Page 4 of 4
CVE-2026-33722 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.123.23 | affected >= 2.0.0-rc.0, < 2.6.4 | 2026-03-25
CVE-2026-33722 [MEDIUM] CWE-863: n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the `externalSecret:list` permission check and allowed acc…
Source: NVD
CVE-2025-68949 | P4 | MEDIUM | CVSS 5.3 | affected >= 1.36.0, < 2.2.0 | 2026-01-13
CVE-2025-68949 [MEDIUM] CWE-134: n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured whitelist entry as a substring. This issue affected in…
Source: NVD
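The substring-match failure described for CVE-2025-68949, shown as an added example that is not n8n's code: the vulnerable check beside an exact-match check that first canonicalises IPv4, IPv6 and IPv4-mapped IPv6 addresses to 16 bytes, so that spelling differences (`::1` versus `0:0:0:0:0:0:0:1`, `10.0.0.1` versus `::ffff:10.0.0.1`) compare equal while `110.0.0.1` and `10.0.0.10` do not. Function names and the allowlist are my own assumptions; plain JavaScript, no Node-specific imports.

```javascript
// Added example, not n8n's code.

// Vulnerable shape (as described for CVE-2025-68949): the allowlist entry only
// has to appear somewhere inside the remote address string.
function isAllowedVulnerable(remoteIp, allowlist) {
  return allowlist.some((entry) => remoteIp.includes(entry));
}

// Strict dotted-quad parser: exactly four decimal octets, no leading zeros.
function parseIpv4(s) {
  const parts = s.split('.');
  if (parts.length !== 4) return null;
  const octets = [];
  for (const p of parts) {
    if (!/^(0|[1-9][0-9]{0,2})$/.test(p)) return null;
    const n = Number(p);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// Canonical 16-byte form of an IPv4, IPv6 or IPv4-mapped IPv6 address, or null
// if the text is not a single well-formed address. IPv4 is returned as its
// ::ffff:a.b.c.d mapping so "10.0.0.1" and "::ffff:10.0.0.1" compare equal.
function canonicalIp(text) {
  let s = text;
  const v4 = parseIpv4(s);
  if (v4) return [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, ...v4];
  if (!/^[0-9a-fA-F:.]+$/.test(s)) return null;
  if (s.includes('.')) {
    // Dotted-quad tail (e.g. ::ffff:10.0.0.1): rewrite it as two hextets.
    const cut = s.lastIndexOf(':') + 1;
    const tail = parseIpv4(s.slice(cut));
    if (!tail) return null;
    s = s.slice(0, cut) +
      ((tail[0] << 8) | tail[1]).toString(16) + ':' +
      ((tail[2] << 8) | tail[3]).toString(16);
  }
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const left = halves[0] ? halves[0].split(':') : [];
  const right = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - left.length - right.length;
  // "::" must stand for at least one zero group; without it all 8 must be present.
  if (halves.length === 2 ? missing < 1 : missing !== 0) return null;
  const groups = [...left, ...Array(halves.length === 2 ? missing : 0).fill('0'), ...right];
  const bytes = [];
  for (const g of groups) {
    if (!/^[0-9a-fA-F]{1,4}$/.test(g)) return null;
    const n = parseInt(g, 16);
    bytes.push(n >> 8, n & 0xff);
  }
  return bytes;
}

// Fixed check: both sides must parse, and must be byte-for-byte equal.
// Unparseable input on either side fails closed.
function isAllowed(remoteIp, allowlist) {
  const remote = canonicalIp(String(remoteIp).trim());
  if (!remote) return false;
  return allowlist.some((entry) => {
    const e = canonicalIp(String(entry).trim());
    return e !== null && e.every((b, i) => b === remote[i]);
  });
}

// Constructed demonstration input (assumed allowlist and sample source addresses).
const ALLOWLIST = ['10.0.0.1', '::1'];
for (const ip of ['10.0.0.1', '110.0.0.1', '10.0.0.10', '::ffff:10.0.0.1', '0:0:0:0:0:0:0:1']) {
  console.log(ip.padEnd(18), 'vulnerable:', isAllowedVulnerable(ip, ALLOWLIST), 'fixed:', isAllowed(ip, ALLOWLIST));
}
```

The comparison is deliberately done on the canonical byte form rather than on strings, so an entry written one way and a peer address reported another way by the HTTP server still match, and anything that is not a single well-formed address (a CIDR, a hostname, an empty string) is rejected rather than partially matched. If the instance sits behind a proxy, the address fed into `isAllowed` must be the one the proxy layer has already verified, not a raw `X-Forwarded-For` value.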
CVE-2026-54301 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.123.55 | affected >= 2.0.0-rc.0, < 2.25.7 (+1 more range) | 2026-06-23
CVE-2026-54301 [MEDIUM] CWE-79: n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public w…
Source: NVD
CVE-2026-54302 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.123.55 | affected >= 2.0.0-rc.0, < 2.25.7 (+1 more range) | 2026-06-23
CVE-2026-54302 [MEDIUM] CWE-79: n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's…
Source: NVD
CVE-2026-27578 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.123.22 | affected >= 2.0.0, < 2.9.3 (+1 more range) | 2026-02-25
CVE-2026-27578 [MEDIUM] CWE-79: n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes (Form Trigger node, Chat Trigger node, Send & Wait node, Webhook No…
Source: NVD
CVE-2025-52478 | P4 | MEDIUM | CVSS 5.4 | affected >= 1.77.0, < 1.98.2 | 2025-08-19
CVE-2025-52478 [MEDIUM] CWE-79: n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an `<iframe>` with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also in…
Source: NVD
CVE-2025-58177 | P4 | MEDIUM | CVSS 5.4 | affected >= 1.24.0, < 1.107.0 | 2025-09-15
CVE-2025-58177 [MEDIUM] CWE-79: n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting (XSS) vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the initialMessages field and enable public access so that the payload is e…
Source: NVD
CVE-2025-61914 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.114.0 | 2025-12-26
CVE-2025-61914 [MEDIUM] CWE-79: n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sa…
Source: NVD
CVE-2025-46343 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.90.0 | 2025-04-29
CVE-2025-46343 [MEDIUM] CWE-79: n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restriction on the MIME type of uploaded files, and the MIME type could be contr…
Source: NVD
CVE-2026-25054 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.123.9, 2.2.1 | 2026-02-04
CVE-2026-25054 [MEDIUM] CWE-79: n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could…
Source: NVD
CVE-2026-54303 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.24.0 | 2026-06-23
CVE-2026-54303 [MEDIUM] CWE-79: n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. This vulnerability is fixed in 2.24.0.
Source: NVD
CVE-2026-25051 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.123.2 | 2026-02-04
CVE-2026-25051 [MEDIUM] CWE-79: n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An…
Source: NVD
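Four of the entries above (CVE-2026-54301, CVE-2025-61914, CVE-2025-46343 and CVE-2026-25051) share one root cause: a body authored by a workflow, or a Content-Type chosen by a workflow author or uploader, reached the browser without the headers that keep it out of the n8n origin, and in the binary and attachment cases the sandboxing header was skipped entirely. The following is an added example of how a server can decide those headers centrally for every workflow-served response; it is not n8n's implementation, and the function names, the bare `sandbox` policy and the set of "active" media types are my own choices.

```javascript
// Added example, not n8n's code.

// Media types a browser will render as a document or that can carry script.
// Served as an attachment these are forced to download under an inert type.
const ACTIVE_TYPES = new Set([
  'text/html', 'application/xhtml+xml', 'image/svg+xml', 'text/xml',
  'application/xml', 'application/javascript', 'text/javascript',
]);

// Parse a declared Content-Type into a lower-cased media type plus a charset,
// dropping every other parameter. Anything malformed collapses to octet-stream,
// so a crafted value cannot smuggle a second type or parameter through.
function parseMediaType(value) {
  const [rawType = '', ...params] = String(value ?? '').split(';');
  const type = rawType.trim().toLowerCase();
  if (!/^[a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+$/.test(type)) {
    return { type: 'application/octet-stream', charset: null };
  }
  let charset = null;
  for (const p of params) {
    const m = /^\s*charset\s*=\s*"?([a-z0-9_.:-]+)"?\s*$/i.exec(p);
    if (m) charset = m[1].toLowerCase();
  }
  return { type, charset };
}

// Headers for a response whose body and/or Content-Type came from a workflow.
// Every such response is nosniffed and carries a CSP sandbox, regardless of
// whether the server's code path for the body is "html", "json" or "binary".
function headersForWorkflowResponse(declaredContentType, { attachment = false, filename = 'file' } = {}) {
  const { type, charset } = parseMediaType(declaredContentType);
  const headers = {
    'X-Content-Type-Options': 'nosniff',
    // No allow-scripts and no allow-same-origin: script cannot run, and even
    // if it could, the document would sit in an opaque origin with no n8n
    // cookies or storage reachable.
    'Content-Security-Policy': 'sandbox',
    'Cache-Control': 'no-store',
  };
  if (attachment) {
    headers['Content-Type'] = ACTIVE_TYPES.has(type) ? 'application/octet-stream' : type;
    // Keep the filename to a safe character set so it cannot break out of the
    // quoted string or carry path separators.
    const safeName = filename.replace(/[^A-Za-z0-9._-]/g, '_').slice(0, 128) || 'file';
    headers['Content-Disposition'] = `attachment; filename="${safeName}"`;
  } else {
    headers['Content-Type'] = charset ? `${type}; charset=${charset}` : type;
  }
  return headers;
}

// Constructed demonstration inputs: a webhook HTML response, a binary response
// with a workflow-chosen SVG type, and an uploaded attachment with a hostile name.
console.log(headersForWorkflowResponse('TEXT/HTML; charset=UTF-8; boundary=x'));
console.log(headersForWorkflowResponse('image/svg+xml', { attachment: true, filename: '../x"y.svg' }));
console.log(headersForWorkflowResponse('not a type'));
```

The point of computing the headers in one place is that a new body-writing path (the binary branch in CVE-2026-54301, the attachments endpoint in CVE-2025-46343) cannot forget them. `Content-Security-Policy: sandbox` only affects responses a browser renders as a document, which is exactly the case that matters; `nosniff` stops the browser upgrading an `application/octet-stream` download into HTML on its own.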
CVE-2025-49592 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.98.0 | 2025-06-26
CVE-2025-49592 [MEDIUM] CWE-601: n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to phishing attacks by impersonating the n8n UI on…
Source: NVD
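A post-login redirect parameter of the kind CVE-2025-49592 describes is safe only if it can never resolve to another origin. The following is an added example of that check, not n8n's login code; the origin `https://n8n.example.internal`, the function name and the sample inputs are assumptions. It uses the WHATWG `URL` parser that Node and browsers share, and returns an absolute URL rather than a bare path precisely because a path such as `/..//evil.example` normalises to `//evil.example`, which a browser would treat as scheme-relative.

```javascript
// Added example, not n8n's code.
const APP_ORIGIN = 'https://n8n.example.internal'; // assumed origin of this instance

// Resolve the post-login redirect parameter to an absolute URL on our own
// origin, or to the app root if the parameter cannot be trusted.
function resolveLoginRedirect(redirectParam, appOrigin = APP_ORIGIN) {
  const fallback = new URL('/', appOrigin).href;
  if (typeof redirectParam !== 'string' || redirectParam.length === 0 || redirectParam.length > 2048) {
    return fallback;
  }
  // Only path-absolute references: one leading "/", and not "//host" or
  // "/\host", both of which browsers treat as scheme-relative URLs to another host.
  if (!/^\/(?![\/\\])/.test(redirectParam)) return fallback;
  // The WHATWG parser silently strips tabs and newlines; reject them instead
  // so "/\t/evil.example"-style inputs never reach the parser.
  if (/[\u0000-\u0020\u007f]/.test(redirectParam)) return fallback;
  let url;
  try {
    url = new URL(redirectParam, appOrigin);
  } catch {
    return fallback;
  }
  // Belt and braces: whatever the parser made of it must still be our origin.
  if (url.origin !== appOrigin) return fallback;
  // Return the absolute form. Returning only url.pathname would reopen the
  // hole for inputs like "/..//evil.example", which normalise to "//evil.example".
  return url.href;
}

// Constructed sample parameters, as an attacker or a legitimate deep link would send them.
const SAMPLES = [
  '/workflow/123?tab=settings',
  'https://evil.example/',
  '//evil.example/',
  '/\\evil.example',
  '/..//evil.example',
  'javascript:alert(1)',
  '/a\tb',
];
for (const p of SAMPLES) console.log(JSON.stringify(p), '->', resolveLoginRedirect(p));
```

Whatever this function returns is what goes into the `Location` header; the raw parameter must never be echoed there. Rejecting rather than normalising control characters is deliberate: the parser's tolerance for them is exactly what makes hand-written "starts with /" checks unsafe.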
CVE-2026-33751 | P4 | MEDIUM | CVSS 4.8 | fixed in 1.123.27 | affected >= 2.0.0-rc.0, < 2.13.3 (+1 more range) | 2026-03-25
CVE-2026-33751 [MEDIUM] CWE-90: n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node…
Source: NVD
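What "LDAP metacharacters passing through unescaped" means in practice, as an added example that is not the n8n LDAP node's code: a filter built by interpolation beside one built with RFC 4515 value escaping, and a small counter that shows the injected `)(objectClass=*` adding an operand to the `(&...)` only in the vulnerable case. The filter shape and function names are my own.

```javascript
// Added example, not n8n's code.

// Vulnerable shape (as described for CVE-2026-33751): the expression value
// is dropped straight into the filter text.
function buildFilterVulnerable(uid) {
  return `(&(objectClass=person)(uid=${uid}))`;
}

// RFC 4515 escaping for a filter assertion value: NUL, "(", ")", "*" and "\"
// plus every non-ASCII byte of the UTF-8 form become "\" and two hex digits.
function escapeLdapFilterValue(value) {
  const bytes = new TextEncoder().encode(String(value));
  let out = '';
  for (const b of bytes) {
    if (b === 0x00 || b === 0x28 || b === 0x29 || b === 0x2a || b === 0x5c || b >= 0x80) {
      out += '\\' + b.toString(16).padStart(2, '0');
    } else {
      out += String.fromCharCode(b);
    }
  }
  return out;
}

function buildFilter(uid) {
  return `(&(objectClass=person)(uid=${escapeLdapFilterValue(uid)}))`;
}

// Count the operands directly inside the outer (&...). An escaped value cannot
// open or close a parenthesis, so it cannot change this number.
function countAndOperands(filter) {
  let depth = 0;
  let count = 0;
  for (let i = 0; i < filter.length; i++) {
    const c = filter[i];
    if (c === '\\') { i += 2; continue; } // skip the two hex digits of an escape
    if (c === '(') {
      depth++;
      if (depth === 2) count++;
    } else if (c === ')') {
      depth--;
    }
  }
  return count;
}

// Constructed attacker input: closes the uid assertion and adds a match-all one.
const INJECTED = '*)(objectClass=*';
console.log(buildFilterVulnerable(INJECTED), '=>', countAndOperands(buildFilterVulnerable(INJECTED)), 'operands');
console.log(buildFilter(INJECTED), '=>', countAndOperands(buildFilter(INJECTED)), 'operands');
```

Note that `*` is escaped too: a bare wildcard in a value turns an equality match into a substring or presence match, which is how a "find the user with this exact uid" lookup silently becomes "find every person". Escaping for a DN (RFC 4514) uses a different character set and is not covered here.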
CVE-2025-49595 | P4 | MEDIUM | CVSS 4.9 | fixed in 1.99.0 | 2025-07-03
CVE-2025-49595 [MEDIUM] CWE-400: n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial-of-service vulnerability in the /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability through malformed filesystem URI requests, affecting the /rest/binary-d…
Source: NVD
CVE-2025-52554 | P4 | MEDIUM | CVSS 4.3 | fixed in 1.99.1 | 2025-07-03
CVE-2025-52554 [MEDIUM] CWE-862: n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1.
Source: NVD
CVE-2026-33720 | P4 | MEDIUM | CVSS 4.2 | fixed in 2.8.0 | 2026-03-25
CVE-2026-33720 [MEDIUM] CWE-863: n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an OAuth flow against a credential object the att…
Source: NVD