CRITICAL9.9CVE-2025-68613⚠ KEVn8n Vulnerable to Remote Code Execution via Expression Injection >= 0.211.0, < 1.120.4
CRITICAL10.0CVE-2026-42231n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE from 0, < 1.123.32
CRITICAL10.0CVE-2026-21858n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling >= 1.65.0, < 1.121.0
CRITICAL9.9n8n has XML Node Prototype Pollution that to RCE
>= 2.18.0, < 2.18.1
CRITICAL9.9n8n has SQL Injection in Data Table Node via orderByColumn Expression
from 0, < 1.123.26
CRITICAL9.9n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE
>= 2.14.0, < 2.14.1
CRITICAL9.9n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition
from 0, < 1.123.27
CRITICAL9.9n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
>= 2.14.0, < 2.14.1
CRITICAL9.9n8n: Expression Sandbox Escape Leads to RCE
from 0, < 1.123.22
CRITICAL9.9n8n has Potential Remote Code Execution via Merge Node
from 0, < 1.123.22
CRITICAL9.9n8n has Arbitrary File Read via Python Code Node Sandbox Escape
from 0, < 1.123.22
CRITICAL9.9n8n has a Python sandbox escape
from 0, < 2.4.8
CRITICAL9.9n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution
from 0, < 1.123.17
CRITICAL9.9n8n Vulnerable to RCE via Arbitrary File Write
>= 0.123.0, < 1.121.3
CRITICAL9.9n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
>= 1.0.0, < 2.0.0
CRITICAL9.8n8n has SQL Injection in Oracle Database Node via Limit Field
from 0, < 1.123.32
CRITICAL9.0n8n has Unauthenticated Expression Evaluation via Form Node
from 0, < 1.123.22
HIGH8.9n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
from 0, < 1.123.27
HIGH8.8n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
from 0, < 1.113.0
HIGH8.8n8n Privilege Escalation vulnerability
from 0, < 0.216.1
HIGH8.7Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
>= 1.77.0, < 1.98.2
HIGH8.5n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay
>= 2.17.0, < 2.17.5
HIGH8.5n8n has Arbitrary Command Execution via File Write and Git Operations
from 0, < 1.123.8
HIGH8.2n8n Vulnerable to XSS via MCP OAuth client
from 0, < 1.123.32
HIGH8.2n8n has SQL Injection in Snowflake and MySQL Nodes
from 0, < 1.123.32
HIGH8.2n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
>= 2.0.0-rc.0, < 2.4.0
HIGH7.7n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure
from 0, < 1.123.32
HIGH7.7n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner
>= 1.65.0, < 1.114.3
HIGH7.5n8n has a Python Task Runner Sandbox Escape Vulnerability
from 0, < 1.123.32
HIGH7.5n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
from 0, < 1.123.32
HIGH7.5n8n Information Disclosure vulnerability
from 0, < 0.216.1
HIGH7.3n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
from 0, < 1.114.0
HIGH7.1Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
>= 1.2.1, < 2.0.0
MEDIUM6.8n8n has SQL Injection in SeaTable Node
from 0, < 1.123.32
MEDIUM6.5n8n has In-Process Memory Disclosure in its Task Runner
from 0, < 1.123.22
MEDIUM6.5n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
>= 0.150.0, < 2.2.2
MEDIUM6.5n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
from 0, < 1.106.0
MEDIUM6.5n8n Directory Traversal vulnerability
from 0, < 0.216.1
MEDIUM6.3n8n Has External Secrets Authorization Bypass in Credential Saving
from 0, < 1.123.23
MEDIUM5.4n8n Vulnerable to Hijacking of Unauthenticated Chat Execution
from 0, < 1.123.32
MEDIUM5.4n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
from 0, < 2.5.0
MEDIUM5.4n8n Vulnerable to Stored XSS via Various Nodes
from 0, < 1.123.22
MEDIUM5.3n8n: Webhook Node IP Whitelist Bypass via Partial String Matching
>= 1.36.0, < 2.2.0
MEDIUM5.0n8n Vulnerable to Stored XSS through Attachments View Endpoint
from 0, < 1.90.0
MEDIUM4.9n8n Vulnerable to Denial of Service via Malformed Binary Data Requests
from 0, < 1.99.0
MEDIUM4.8n8n Vulnerable to LDAP Filter Injection in LDAP Node
from 0, < 1.123.27
MEDIUM4.7n8n has Open Redirect in MCP OAuth Consent Flow
from 0, < 1.123.32
MEDIUM4.7n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK
from 0, < 2.8.0
MEDIUM4.6n8n allows open redirects via the /signin endpoint
from 0, < 1.98.0
MEDIUM4.3n8n is vulnerable to Improper Authorization through its `/stop` endpoint
from 0, < 1.99.1
MEDIUM4.1Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
>= 1.24.0, < 1.107.0
—n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
from 0, < 1.123.43
—n8n Has a Source Control Pull SQL Injection
from 0, < 1.123.43
—n8n Has an XML Node Prototype Pollution Patch Bypass
from 0, < 1.123.43
—n8n Has an Arbitrary File Read via Git Node
from 0, < 1.123.43
—n8n: HTTP Request Node Pagination Prototype Pollution to RCE
from 0, < 1.123.43
—n8n has a Sandbox Escape in its JavaScript Task Runner
from 0, < 1.123.22
—n8n's domain allowlist bypass enables credential exfiltration
from 0, < 1.121.0
—n8n Merge Node has Arbitrary File Write leading to RCE
from 0, < 1.118.0
—n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node
>= 2.0.0, < 2.4.0
—n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI
>= 2.0.0, < 2.2.1
—n8n has OS Command Injection in Git Node
>= 2.0.0, < 2.5.0
—n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users
>= 2.0.0, < 2.5.0
—n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS
>= 1.123.0, < 1.123.2
—n8n Has Expression Escape Vulnerability Leading to RCE
from 0, < 1.123.17
—n8n Vulnerable to Command Injection in Community Package Installation
>= 0.187.0, < 1.120.3
—n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
>= 0.123.1, < 1.119.2