n8n — Vulnerabilities & Security Advisories 58

All 58 CVE vulnerabilities found in n8n, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known vulnerabilities and security weaknesses for the workflow automation tool n8n, specifically focusing on Common Weakness Enumerations. It collects reports covering a wide spectrum of issues, including remote code execution, privilege escalation, and cross-site scripting flaws, spanning from early development versions through to recent stable releases up to the current year. Users can utilize this resource to track vendor advisories and security updates issued by n8n, gain a deeper understanding of specific weakness classes that may impact automation workflows, and look up a product’s comprehensive vulnerability history to assess long-term security trends. The data includes references to common exploitation techniques and contextual information regarding the severity and impact of each finding, helping administrators and developers prioritize remediation efforts. By consolidating these disparate sources into a single view, the page simplifies the process of monitoring the security posture of n8n deployments. It serves as a practical reference for security professionals seeking to evaluate risks associated with integrating n8n into their infrastructure. The content is organized to facilitate quick identification of relevant threats without overwhelming the reader with excessive technical detail, ensuring that essential information regarding patch availability and mitigation strategies is readily accessible. This approach supports informed decision-making when maintaining secure and resilient automated processes.

Vendor: n8n-io

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-25631 | Domain allowlist bypass enables credential exfiltration | CWE-20 | 6.5 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-21893 | n8n Vulnerable to Command Injection in Community Package Installation | CWE-78 | 7.2 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-25115 | n8n is vulnerable to Python sandbox escape | CWE-693 | 9.9 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-25056 | n8n Arbitrary File Write leading to RCE in n8n Merge Node | CWE-434 | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-25055 | n8n Arbitrary File Write on Remote Systems via SSH Node | CWE-22 | 10.0 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2026-25054 | n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI | CWE-80 | 5.4 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-25053 | n8n is Vulnerable to OS Command Injection in Git Node | CWE-78 | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-25052 | n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users | CWE-367 | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2026-25051 | n8n Improper CSP Enforcement in Webhook Responses May Allow Stored XSS | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2025-61917 | n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner | CWE-668 | 7.7 | High | 2026-02-04 |
| CVE-2026-25049 | n8n Has an Expression Escape Vulnerability Leading to RCE | CWE-913 | 9.9 (AI) | Critical (AI) | 2026-02-04 |
| CVE-2025-68949 | n8n has a Webhook Node IP Whitelist Bypass via Partial String Matching | CWE-134 | 5.3 | Medium | 2026-01-13 |
| CVE-2026-21894 | n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks | CWE-290 | 6.5 | Medium | 2026-01-08 |
| CVE-2026-21877 | n8n is vulnerable to Remote Code Execution via Arbitrary File Write | CWE-94 | 10.0 | Critical | 2026-01-08 |
| CVE-2026-21858 | n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling | CWE-20 | 10.0 | Critical | 2026-01-07 |
| CVE-2025-68697 | Self-hosted n8n has Legacy Code node that enables arbitrary file read/write | CWE-269 | 7.1 | High | 2025-12-26 |
| CVE-2025-68668 | n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node | CWE-693 | 9.9 | Critical | 2025-12-26 |
| CVE-2025-61914 | n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox | CWE-79 | 7.3 | High | 2025-12-26 |
| CVE-2025-68613 | n8n Vulnerable to Remote Code Execution via Expression Injection | CWE-913 | 10.0 | Critical | 2025-12-19 |
| CVE-2025-65964 | n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook | CWE-829 | 9.8 (AI) | Critical (AI) | 2025-12-08 |
| CVE-2025-62726 | n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook | CWE-829 | 8.8 | High | 2025-10-30 |
| CVE-2025-58177 | n8n stored cross-site scripting in LangChain Chat Trigger node initialMessages parameter | CWE-79 | 5.4 | Medium | 2025-09-15 |
| CVE-2025-57749 | n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files | CWE-59 | 6.5 | Medium | 2025-08-20 |
| CVE-2025-52478 | Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source | CWE-79 | 8.7 | High | 2025-08-19 |
| CVE-2025-52554 | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows | CWE-862 | 5.4 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-49595 | n8n Vulnerable to Denial of Service via Malformed Binary Data Requests | CWE-400 | 4.9 | Medium | 2025-07-03 |
| CVE-2025-49592 | n8n Login Flow has Open Redirect Vulnerability | CWE-601 | 4.6 | Medium | 2025-06-26 |
| CVE-2025-46343 | n8n Vulnerable to Stored XSS through Attachments View Endpoint | CWE-79 | 5.0 | Medium | 2025-04-29 |

All 58 known CVE vulnerabilities affecting n8n with full Chinese analysis, references, and POCs where available.