
n8n — Vulnerabilities & Security Advisories 58

All 58 CVE vulnerabilities found in n8n, with AI-generated Chinese analysis, references, and POCs.

Vendor: n8n-io

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42237 | n8n: SQL Injection in Snowflake and MySQL Nodes | CWE-89 | 8.8 | - | 2026-05-04 |
| CVE-2026-42236 | n8n: Unauthenticated Denial of Service via MCP Client Registration | CWE-770 | 7.5 | - | 2026-05-04 |
| CVE-2026-42235 | n8n: XSS via MCP OAuth client | CWE-87 | 8.8 | - | 2026-05-04 |
| CVE-2026-42234 | n8n: Python Task Runner Sandbox Escape | CWE-94 | 9.9 | - | 2026-05-04 |
| CVE-2026-42233 | n8n: SQL Injection in Oracle Database Node via Limit Field | CWE-89 | 8.1 | - | 2026-05-04 |
| CVE-2026-42232 | n8n: XML Node Prototype Pollution to RCE | CWE-1321 | 8.8 | - | 2026-05-04 |
| CVE-2026-42231 | n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE | CWE-1321 | 9.9 | - | 2026-05-04 |
| CVE-2026-42230 | n8n: Open Redirect in MCP OAuth Consent Flow | CWE-601 | 6.1 | - | 2026-05-04 |
| CVE-2026-42229 | n8n: SQL Injection in SeaTable Node | CWE-89 | 8.1 | - | 2026-05-04 |
| CVE-2026-42228 | n8n: Hijacking of Unauthenticated Chat Execution | CWE-862 | 8.6 | - | 2026-05-04 |
| CVE-2026-42227 | n8n: Public API Variables IDOR Allows Cross-Project Secret Disclosure | CWE-639 | 6.5 | - | 2026-05-04 |
| CVE-2026-42226 | n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay | CWE-862 | 8.8 | - | 2026-05-04 |
| CVE-2026-33751 | n8n Vulnerable to LDAP Filter Injection in LDAP Node | CWE-90 | 8.2 | - | 2026-03-25 |
| CVE-2026-33749 | n8n Vulnerable to XSS via Binary Data Inline HTML Rendering | CWE-79 | 4.6 | - | 2026-03-25 |
| CVE-2026-33724 | n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no | CWE-639 | 6.5 | - | 2026-03-25 |
| CVE-2026-33722 | n8n Has External Secrets Authorization Bypass in Credential Saving | CWE-863 | 5.3 | - | 2026-03-25 |
| CVE-2026-33720 | n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK | CWE-863 | 5.4 | - | 2026-03-25 |
| CVE-2026-33713 | n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression | CWE-89 | 8.8 | - | 2026-03-25 |
| CVE-2026-33696 | n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE | CWE-1321 | 8.8 | - | 2026-03-25 |
| CVE-2026-33665 | n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover | CWE-287 | 8.5 | - | 2026-03-25 |
| CVE-2026-33663 | n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition | CWE-639 | 6.5 | - | 2026-03-25 |
| CVE-2026-33660 | n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode | CWE-94 | 8.8 | - | 2026-03-25 |
| CVE-2026-27496 | n8n has In-Process Memory Disclosure in its Task Runner | CWE-908 | 6.5 | - | 2026-03-25 |
| CVE-2026-27498 | n8n has Arbitrary Command Execution via File Write and Git Operations | CWE-94 | 8.8 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27578 | n8n Vulnerable to Stored XSS via Various Nodes | CWE-80 | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27577 | n8n: Expression Sandbox Escape Leads to RCE | CWE-94 | 9.9 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27497 | n8n has Potential Remote Code Execution via Merge Node | CWE-94 | 8.8 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27495 | n8n has a Sandbox Escape in its JavaScript Task Runner | CWE-94 | 8.5 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27494 | n8n has Arbitrary File Read via Python Code Node Sandbox Escape | CWE-497 | 9.9 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27493 | n8n has Unauthenticated Expression Evaluation via Form Node | CWE-94 | 9.8 (AI) | Critical (AI) | 2026-02-25 |

All 58 known CVE vulnerabilities affecting n8n with full Chinese analysis, references, and POCs where available.