Vulnerabilities in n8n-io
79 results

CVE-2026-27495 | CRITICAL | n8n has a Sandbox Escape in its JavaScript Task Runner | EPSS 0.6%
CVE-2026-25053 | CRITICAL | n8n is Vulnerable to OS Command Injection in Git Node | EPSS 0.6%
CVE-2026-25115 | CRITICAL | n8n is vulnerable to Python sandbox escape | EPSS 0.5%
CVE-2026-49465 | MEDIUM | n8n: Git Node Clone and Push Operations Bypass File Sandbox | EPSS 0.5%
CVE-2026-42236 | HIGH | n8n: Unauthenticated Denial of Service via MCP Client Registration | EPSS 0.5%
CVE-2026-42232 | CRITICAL | n8n: XML Node Prototype Pollution to RCE | EPSS 0.5%
CVE-2025-57749 | MEDIUM | n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files | EPSS 0.4%
CVE-2026-21894 | MEDIUM | n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks | EPSS 0.4%
CVE-2026-33713 | HIGH | n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression | EPSS 0.4%
CVE-2026-54309 | HIGH | n8n: n8n MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions | EPSS 0.4%
CVE-2026-54310 | MEDIUM | n8n: SQL Injection in Postgres v1/TimescaleDB Nodes | EPSS 0.4%
CVE-2026-33663 | HIGH | n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition | EPSS 0.4%
CVE-2026-42228 | MEDIUM | n8n: Hijacking of Unauthenticated Chat Execution | EPSS 0.4%
CVE-2025-49595 | MEDIUM | n8n Vulnerable to Denial of Service via Malformed Binary Data Requests | EPSS 0.4%
CVE-2026-42234 | HIGH | n8n: Python Task Runner Sandbox Escape | EPSS 0.4%
CVE-2026-54314 | MEDIUM | n8n: Denial of Service via ZIP decompression in webhook workflow | EPSS 0.4%
CVE-2025-61917 | HIGH | n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner | EPSS 0.4%
CVE-2026-49444 | HIGH | n8n: Python sandbox escape | EPSS 0.4%
CVE-2026-54304 | HIGH | n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host | EPSS 0.4%
CVE-2026-27494 | HIGH | n8n has Arbitrary File Read via Python Code Node Sandbox Escape | EPSS 0.4%