Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56777 |
|
Vulnerability in n8n (CVE-2026-56777)
vulnerability in n8n (CVE-2026-56777). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56356 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-56356)
cross-site scripting in n8n (CVE-2026-56356). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.123.27` or later.
|
| CVE-2026-54309 |
|
Vulnerability in n8n (CVE-2026-54309)
vulnerability in n8n (CVE-2026-54309). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54302 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-54302)
cross-site scripting in n8n (CVE-2026-54302). Risk of unauthorized operations or information disclosure. Exploitable via ``webhookId``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54301 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-54301)
cross-site scripting in n8n (CVE-2026-54301). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-49444 |
|
Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
|