Vulnerabilities in n8n-io
65 results

CVE-2026-42236 | HIGH | n8n: Unauthenticated Denial of Service via MCP Client Registration | EPSS 0.5%
CVE-2026-42232 | CRITICAL | n8n: XML Node Prototype Pollution to RCE | EPSS 0.5%
CVE-2025-57749 | MEDIUM | n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files | EPSS 0.4%
CVE-2026-21894 | MEDIUM | n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks | EPSS 0.4%
CVE-2026-33713 | HIGH | n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression | EPSS 0.4%
CVE-2026-33663 | HIGH | n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition | EPSS 0.4%
CVE-2026-42228 | MEDIUM | n8n: Hijacking of Unauthenticated Chat Execution | EPSS 0.4%
CVE-2025-49595 | MEDIUM | n8n Vulnerable to Denial of Service via Malformed Binary Data Requests | EPSS 0.4%
CVE-2026-42234 | HIGH | n8n: Python Task Runner Sandbox Escape | EPSS 0.4%
CVE-2025-61917 | HIGH | n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner | EPSS 0.4%
CVE-2026-27494 | HIGH | n8n has Arbitrary File Read via Python Code Node Sandbox Escape | EPSS 0.4%
CVE-2025-52478 | HIGH | Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source | EPSS 0.3%
CVE-2026-42229 | MEDIUM | n8n: SQL Injection in SeaTable Node | EPSS 0.3%
CVE-2026-42235 | HIGH | n8n: XSS via MCP OAuth client | EPSS 0.3%
CVE-2026-42233 | MEDIUM | n8n: SQL Injection in Oracle Database Node via Limit Field | EPSS 0.3%
CVE-2026-33665 | HIGH | n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover | EPSS 0.3%
CVE-2026-25052 | CRITICAL | n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users | EPSS 0.3%
CVE-2026-33724 | MEDIUM | n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no | EPSS 0.3%
CVE-2026-25631 | MEDIUM | Domain allowlist bypass enables credential exfiltration | EPSS 0.3%
CVE-2025-52554 | MEDIUM | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows | EPSS 0.3%