N8n Security Vulnerabilities (CVEs)
Track 30 security vulnerabilities affecting N8n products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows authenticated users with workflow creation/modification permissions in n8n to achieve remote code execution by chaining file...
Feb 25, 2026This CVE describes a cross-site scripting (XSS) vulnerability in n8n workflow automation platform where authenticated users with workflow creation/mod...
Feb 25, 2026This vulnerability in n8n allows authenticated users with workflow creation/modification permissions to escape the JavaScript Task Runner sandbox and ...
Feb 25, 2026This CVE describes a second-order expression injection vulnerability in n8n's Form nodes that could allow unauthenticated attackers to inject and eval...
Feb 25, 2026This vulnerability in n8n's HTTP Request node allows authenticated attackers to bypass credential domain validation and send requests with credentials...
Feb 6, 2026A command injection vulnerability in n8n's community package installation functionality allows authenticated administrators to execute arbitrary syste...
Feb 4, 2026This vulnerability in n8n workflow automation platform allows authenticated users with workflow creation/modification permissions to read sensitive fi...
Feb 4, 2026This vulnerability in n8n workflow automation platform allows authenticated users with workflow creation/modification permissions to execute arbitrary...
Feb 4, 2026This Cross-Site Scripting (XSS) vulnerability in n8n allows authenticated users with workflow permissions to inject malicious scripts into markdown co...
Feb 4, 2026This vulnerability in n8n workflow automation platform allows attackers to write files to unintended locations on remote systems via SSH nodes, potent...
Feb 4, 2026This vulnerability in n8n's Merge node allows authenticated users with workflow creation/modification permissions to write arbitrary files to the serv...
Feb 4, 2026This vulnerability in n8n's Python Code node allows authenticated users to escape the Python sandbox and execute arbitrary code on the underlying syst...
Feb 4, 2026This vulnerability allows authenticated users with workflow creation/modification permissions in n8n to execute arbitrary system commands on the host ...
Feb 4, 2026An authenticated user with workflow creation/modification permissions in n8n can exploit a Cross-Site Scripting (XSS) vulnerability by crafting malici...
Feb 4, 2026This vulnerability in n8n workflow automation platform allows uninitialized memory allocation via Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in...
Feb 4, 2026This critical vulnerability in n8n's workflow Expression evaluation system allows authenticated users to execute arbitrary code on the server. Attacke...
Jan 27, 2026This vulnerability allows attackers to bypass IP whitelist restrictions in n8n's Webhook node by using IP addresses that contain whitelisted entries a...
Jan 13, 2026This CVE describes an authentication bypass vulnerability in n8n's Stripe Trigger node that allows unauthenticated attackers to trigger workflows by s...
Jan 8, 2026This vulnerability allows authenticated attackers to execute arbitrary code on n8n workflow automation platforms, leading to full system compromise. I...
Jan 8, 2026This vulnerability in n8n workflow automation platform allows unauthenticated remote attackers to execute certain form-based workflows that can access...
Jan 8, 2026This CVE describes a sandbox bypass vulnerability in n8n's Python Code Node that allows authenticated users with workflow creation/modification permis...
Dec 26, 2025In self-hosted n8n instances prior to version 2.0.0, authenticated users with workflow editing access can exploit the Code node's legacy JavaScript ex...
Dec 26, 2025This stored XSS vulnerability in n8n allows attackers with workflow creation permissions to execute arbitrary JavaScript in the n8n editor interface. ...
Dec 26, 2025This vulnerability allows remote code execution (RCE) in n8n workflow automation platform by exploiting Git pre-commit hooks. Attackers who can create...
Dec 9, 2025This stored XSS vulnerability in n8n's LangChain Chat Trigger node allows authorized users to inject malicious JavaScript into public chat URLs. When ...
Sep 15, 2025This vulnerability in n8n-workflows allows attackers to perform directory traversal attacks through the download_workflow function in api_server.py. A...
Aug 26, 2025A symlink traversal vulnerability in n8n's Read/Write File node allows attackers to bypass directory restrictions. By creating symbolic links, attacke...
Aug 20, 2025A stored Cross-Site Scripting (XSS) vulnerability in n8n's Form Trigger node allows authenticated attackers to inject malicious HTML/JavaScript. This ...
Aug 19, 2025This CVE describes an authorization vulnerability in n8n workflow automation platform where authenticated users can stop workflow executions they don'...
Jul 3, 2025CVE-2023-27563 is a privilege escalation vulnerability in n8n workflow automation software that allows authenticated users to gain administrative priv...
May 10, 2023Why Monitor N8n Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 30+ known vulnerabilities affecting N8n products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable N8n packages in under 60 seconds. No agents required - completely agentless scanning that works across N8n deployments.
Free vulnerability database: Access detailed information about every N8n CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new N8n CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
