n8n vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

CVE-ID | Severity | Package summary
CVE-2026-33665 | High | n8n: n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
CVE-2026-33663 | High | n8n: n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in…
CVE-2026-33660 | Critical | n8n: n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
CVE-2026-27496 | High | n8n: n8n has In-Process Memory Disclosure in its Task Runner
GHSA-38C7-23HJ-2WGQ | Medium | n8n: n8n has Webhook Forgery on Zendesk Trigger Node
GHSA-FVFV-PPW4-7H2W | Medium | n8n: n8n has a Guardrail Node Bypass
GHSA-JH8H-6C9Q-7GMW | Medium | n8n: n8n has an Authentication Bypass in its Chat Trigger Node
GHSA-VJF3-2GPJ-233V | Medium | n8n: n8n has an SSO Enforcement Bypass in its Self-Service Settings API
CVE-2026-56357 | Medium | n8n: n8n: Webhook Forgery on Github Webhook Trigger
CVE-2026-56351 | Medium | n8n: n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes
CVE-2026-27578 | High | n8n: n8n Vulnerable to Stored XSS via Various Nodes
CVE-2026-27577 | Critical | n8n: n8n: Expression Sandbox Escape Leads to RCE
CVE-2026-27498 | Critical | n8n: n8n has Arbitrary Command Execution via File Write and Git Operations
CVE-2026-27497 | Critical | n8n: n8n has Potential Remote Code Execution via Merge Node
CVE-2026-27495 | Critical | n8n: n8n has a Sandbox Escape in its JavaScript Task Runner
CVE-2026-27494 | High | n8n: n8n has Arbitrary File Read via Python Code Node Sandbox Escape
CVE-2026-27493 | Critical | n8n: n8n has Unauthenticated Expression Evaluation via Form Node
CVE-2026-25631 | Medium | n8n: n8n's domain allowlist bypass enables credential exfiltration
CVE-2026-25115 | Critical | n8n: n8n has a Python sandbox escape
CVE-2026-25056 | Critical | n8n: n8n Merge Node has Arbitrary File Write leading to RCE
CVE-2026-25055 | High | n8n: n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node
CVE-2026-25054 | High | n8n: n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI
CVE-2026-25053 | Critical | n8n: n8n has OS Command Injection in Git Node
CVE-2026-25052 | Critical | n8n: n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users
CVE-2026-25051 | High | n8n: n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS
