Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: n8n Clear
ID Title
CVE-2026-56777 Vulnerability in n8n (CVE-2026-56777)
vulnerability in n8n (CVE-2026-56777). Risk of unauthorized operations or information disclosure.
CVE-2026-56350 Vulnerability in n8n (CVE-2026-56350)
vulnerability in n8n (CVE-2026-56350). Data can be tampered with by attackers.
CVE-2026-56356 Cross-Site Scripting (XSS) in n8n (CVE-2026-56356)
cross-site scripting in n8n (CVE-2026-56356). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.123.27` or later.
CVE-2026-54304 Information Disclosure in n8n (CVE-2026-54304)
vulnerability in n8n (CVE-2026-54304). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54309 Vulnerability in n8n (CVE-2026-54309)
vulnerability in n8n (CVE-2026-54309). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54305 Information Disclosure in n8n (CVE-2026-54305)
vulnerability in n8n (CVE-2026-54305). Confidential information can be exposed externally. Exploitable via ``N8N_ENV_FEAT_DYNAMIC_CREDENTIALS``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54307 Authorization Flaw in n8n (CVE-2026-54307)
vulnerability in n8n (CVE-2026-54307). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54314 Vulnerability in n8n (CVE-2026-54314)
vulnerability in n8n (CVE-2026-54314). Risk of unauthorized operations or information disclosure. Exploitable via ``N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-54302 Cross-Site Scripting (XSS) in n8n (CVE-2026-54302)
cross-site scripting in n8n (CVE-2026-54302). Risk of unauthorized operations or information disclosure. Exploitable via ``webhookId``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54303 Cross-Site Scripting (XSS) in n8n (CVE-2026-54303)
cross-site scripting in n8n (CVE-2026-54303). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-54312 Vulnerability in n8n (CVE-2026-54312)
vulnerability in n8n (CVE-2026-54312). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-54311 Vulnerability in n8n (CVE-2026-54311)
vulnerability in n8n (CVE-2026-54311). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54306 Vulnerability in n8n (CVE-2026-54306)
vulnerability in n8n (CVE-2026-54306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54301 Cross-Site Scripting (XSS) in n8n (CVE-2026-54301)
cross-site scripting in n8n (CVE-2026-54301). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54308 Vulnerability in n8n (CVE-2026-54308)
vulnerability in n8n (CVE-2026-54308). Risk of unauthorized operations or information disclosure. Exploitable via ``MicrosoftAgent365Trigger``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54313 SQL Injection in n8n (CVE-2026-54313)
SQL injection in n8n (CVE-2026-54313). Data can be tampered with by attackers. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-54310 SQL Injection in n8n (CVE-2026-54310)
SQL injection in n8n (CVE-2026-54310). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-49465 Path Traversal in n8n (CVE-2026-49465)
path traversal in n8n (CVE-2026-49465). Confidential information can be exposed externally. Exploitable via ``N8N_RESTRICT_FILE_ACCESS_TO``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-49444 Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-56348 SSRF (Server-Side Request Forgery) in n8n (CVE-2026-56348)
SSRF in n8n (CVE-2026-56348). Confidential information can be exposed externally. Exploitable via `POST /rest/dynamic-node-parameters/options`. Mitigation: upgrade to `2.20.0` or later.
CVE-2026-45732 Vulnerability in n8n (CVE-2026-45732)
vulnerability in n8n (CVE-2026-45732). Confidential information can be exposed externally. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44792 SQL Injection in n8n (CVE-2026-44792)
SQL injection in n8n (CVE-2026-44792). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44791 Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44790 Vulnerability in n8n (CVE-2026-44790)
vulnerability in n8n (CVE-2026-44790). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44789 Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-56358 Cross-Site Scripting (XSS) in n8n (CVE-2026-56358)
cross-site scripting in n8n (CVE-2026-56358). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `1.123.25` or later.
CVE-2025-68613 KEV [KEV] Vulnerability in n8n (CVE-2025-68613)
vulnerability in n8n (CVE-2025-68613). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-56357 Vulnerability in n8n (CVE-2026-56357)
vulnerability in n8n (CVE-2026-56357). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.0` or later.
CVE-2026-56351 SQL Injection in n8n (CVE-2026-56351)
SQL injection in n8n (CVE-2026-56351). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.4.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →