Vulnerability-Lookup

WID-SEC-W-2026-0318

Vulnerability from csaf_certbund - Published: 2026-02-04 23:00 - Updated: 2026-02-05 23:00

Summary

n8n: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

n8n ist ein Workflow-Automatisierungstool, mit dem verschiedene Anwendungen und Dienste miteinander verbunden werden können, um Aufgaben zu automatisieren.

Angriff

Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in n8n ausnutzen, um beliebigen Code auszuführen, sich erhöhte Berechtigungen zu verschaffen, Cross-Site-Scripting-Angriffe durchzuführen und vertrauliche Informationen offenzulegen. Über einige dieser Schwachstellen sind weitere Angriffe möglich, wie beispielsweise die Übernahme von Konten, das Hijacking von Sitzungen und die vollständige Kompromittierung des Systems.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "n8n ist ein Workflow-Automatisierungstool, mit dem verschiedene Anwendungen und Dienste miteinander verbunden werden k\u00f6nnen, um Aufgaben zu automatisieren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter oder anonymer  Angreifer kann mehrere Schwachstellen in n8n ausnutzen, um beliebigen Code auszuf\u00fchren, sich erh\u00f6hte Berechtigungen zu verschaffen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren und vertrauliche Informationen offenzulegen. \u00dcber einige dieser Schwachstellen sind weitere Angriffe m\u00f6glich, wie beispielsweise die \u00dcbernahme von Konten, das Hijacking von Sitzungen und die vollst\u00e4ndige Kompromittierung des Systems.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0318 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0318.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0318 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0318"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/advisories/GHSA-49mx-fj45-q3p6"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/advisories/GHSA-qpq4-pw7f-pp8w"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2026-25049 vom 2026-02-04",
        "url": "https://www.pillar.security/blog/n8n-sandbox-escape-critical-vulnerabilities-in-n8n-exposes-hundreds-of-thousands-of-enterprise-ai-systems-to-complete-takeover"
      }
    ],
    "source_lang": "en-US",
    "title": "n8n: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-05T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-05T14:24:22.187+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0318",
      "initial_release_date": "2026-02-04T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-04T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-02-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "doppelte Eintragung bereinigt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.4.8",
                "product": {
                  "name": "n8n n8n \u003c2.4.8",
                  "product_id": "T050537"
                }
              },
              {
                "category": "product_version",
                "name": "2.4.8",
                "product": {
                  "name": "n8n n8n 2.4.8",
                  "product_id": "T050537-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.4.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.120.3",
                "product": {
                  "name": "n8n n8n \u003c1.120.3",
                  "product_id": "T050538"
                }
              },
              {
                "category": "product_version",
                "name": "1.120.3",
                "product": {
                  "name": "n8n n8n 1.120.3",
                  "product_id": "T050538-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.120.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.5.0",
                "product": {
                  "name": "n8n n8n \u003c2.5.0",
                  "product_id": "T050539"
                }
              },
              {
                "category": "product_version",
                "name": "2.5.0",
                "product": {
                  "name": "n8n n8n 2.5.0",
                  "product_id": "T050539-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.5.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.10",
                "product": {
                  "name": "n8n n8n \u003c1.123.10",
                  "product_id": "T050540"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.10",
                "product": {
                  "name": "n8n n8n 1.123.10",
                  "product_id": "T050540-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.5.2",
                "product": {
                  "name": "n8n n8n \u003c2.5.2",
                  "product_id": "T050541"
                }
              },
              {
                "category": "product_version",
                "name": "2.5.2",
                "product": {
                  "name": "n8n n8n 2.5.2",
                  "product_id": "T050541-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.5.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.17",
                "product": {
                  "name": "n8n n8n \u003c1.123.17",
                  "product_id": "T050542"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.17",
                "product": {
                  "name": "n8n n8n 1.123.17",
                  "product_id": "T050542-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.17"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.114.3",
                "product": {
                  "name": "n8n n8n \u003c1.114.3",
                  "product_id": "T050543"
                }
              },
              {
                "category": "product_version",
                "name": "1.114.3",
                "product": {
                  "name": "n8n n8n 1.114.3",
                  "product_id": "T050543-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.114.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.4.0",
                "product": {
                  "name": "n8n n8n \u003c2.4.0",
                  "product_id": "T050544"
                }
              },
              {
                "category": "product_version",
                "name": "2.4.0",
                "product": {
                  "name": "n8n n8n 2.4.0",
                  "product_id": "T050544-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.4.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.118.0",
                "product": {
                  "name": "n8n n8n \u003c1.118.0",
                  "product_id": "T050545"
                }
              },
              {
                "category": "product_version",
                "name": "1.118.0",
                "product": {
                  "name": "n8n n8n 1.118.0",
                  "product_id": "T050545-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.118.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.12",
                "product": {
                  "name": "n8n n8n \u003c1.123.12",
                  "product_id": "T050546"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.12",
                "product": {
                  "name": "n8n n8n 1.123.12",
                  "product_id": "T050546-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.18",
                "product": {
                  "name": "n8n n8n \u003c1.123.18",
                  "product_id": "T050547"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.18",
                "product": {
                  "name": "n8n n8n 1.123.18",
                  "product_id": "T050547-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.18"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.2.1",
                "product": {
                  "name": "n8n n8n \u003c2.2.1",
                  "product_id": "T050548"
                }
              },
              {
                "category": "product_version",
                "name": "2.2.1",
                "product": {
                  "name": "n8n n8n 2.2.1",
                  "product_id": "T050548-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.9",
                "product": {
                  "name": "n8n n8n \u003c1.123.9",
                  "product_id": "T050549"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.9",
                "product": {
                  "name": "n8n n8n 1.123.9",
                  "product_id": "T050549-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.2",
                "product": {
                  "name": "n8n n8n \u003c1.123.2",
                  "product_id": "T050550"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.2",
                "product": {
                  "name": "n8n n8n 1.123.2",
                  "product_id": "T050550-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "n8n"
          }
        ],
        "category": "vendor",
        "name": "n8n"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61917",
      "product_status": {
        "known_affected": [
          "T050543"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-61917"
    },
    {
      "cve": "CVE-2026-25049",
      "product_status": {
        "known_affected": [
          "T050543",
          "T050542",
          "T050545",
          "T050544",
          "T050550",
          "T050541",
          "T050540",
          "T050539",
          "T050546",
          "T050538",
          "T050549",
          "T050537",
          "T050548"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25049"
    },
    {
      "cve": "CVE-2026-25051",
      "product_status": {
        "known_affected": [
          "T050538",
          "T050543",
          "T050545",
          "T050550"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25051"
    },
    {
      "cve": "CVE-2026-25052",
      "product_status": {
        "known_affected": [
          "T050543",
          "T050542",
          "T050545",
          "T050544",
          "T050550",
          "T050540",
          "T050539",
          "T050547",
          "T050546",
          "T050538",
          "T050549",
          "T050537",
          "T050548"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25052"
    },
    {
      "cve": "CVE-2026-25053",
      "product_status": {
        "known_affected": [
          "T050539",
          "T050538",
          "T050549",
          "T050537",
          "T050548",
          "T050543",
          "T050545",
          "T050544",
          "T050550",
          "T050540"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25053"
    },
    {
      "cve": "CVE-2026-25054",
      "product_status": {
        "known_affected": [
          "T050538",
          "T050549",
          "T050548",
          "T050543",
          "T050545",
          "T050550"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25054"
    },
    {
      "cve": "CVE-2026-25055",
      "product_status": {
        "known_affected": [
          "T050546",
          "T050538",
          "T050549",
          "T050548",
          "T050543",
          "T050545",
          "T050544",
          "T050550"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25055"
    },
    {
      "cve": "CVE-2026-25056",
      "product_status": {
        "known_affected": [
          "T050548",
          "T050543",
          "T050545",
          "T050544"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25056"
    },
    {
      "cve": "CVE-2026-25115",
      "product_status": {
        "known_affected": [
          "T050548",
          "T050537"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25115"
    },
    {
      "cve": "CVE-2026-21893",
      "product_status": {
        "known_affected": [
          "T050538",
          "T050543",
          "T050545"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-21893"
    }
  ]
}

CVE-2026-25056 (GCVE-0-2026-25056)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:47 – Updated: 2026-02-05 14:33

Title

n8n Arbitrary File Write leading to RCE in n8n Merge Node

Summary

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0.

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type
CWE-693 - Protection Mechanism Failure

Assigner

GitHub_M

References

URL

Tags

https://github.com/n8n-io/n8n/security/advisories…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: < 1.118.0 Affected: < 2.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:23:17.587687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:33:28.230Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.118.0"
            },
            {
              "status": "affected",
              "version": "\u003c 2.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node\u0027s SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server\u0027s filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:47:55.170Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm"
        }
      ],
      "source": {
        "advisory": "GHSA-hv53-3329-vmrm",
        "discovery": "UNKNOWN"
      },
      "title": "n8n Arbitrary File Write leading to RCE in n8n Merge Node"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25056",
    "datePublished": "2026-02-04T16:47:55.170Z",
    "dateReserved": "2026-01-28T14:50:47.888Z",
    "dateUpdated": "2026-02-05T14:33:28.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25051 (GCVE-0-2026-25051)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:46 – Updated: 2026-02-05 14:36

Title

n8n Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

Summary

n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user with permission to create or modify workflows could abuse this to execute malicious scripts with same-origin privileges when other users interact with the crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in version 1.123.2.

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/n8n-io/n8n/security/advisories…	x_refsource_CONFIRM
	https://github.com/n8n-io/n8n/commit/ced34c0f93ab…	x_refsource_MISC
	https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: < 1.123.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:20:22.924804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:36:06.937Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.123.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user with permission to create or modify workflows could abuse this to execute malicious scripts with same-origin privileges when other users interact with the crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in version 1.123.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:46:53.285Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx"
        },
        {
          "name": "https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef7323",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef7323"
        },
        {
          "name": "https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9"
        }
      ],
      "source": {
        "advisory": "GHSA-825q-w924-xhgx",
        "discovery": "UNKNOWN"
      },
      "title": "n8n Improper CSP Enforcement in Webhook Responses May Allow Stored XSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25051",
    "datePublished": "2026-02-04T16:46:53.285Z",
    "dateReserved": "2026-01-28T14:50:47.888Z",
    "dateUpdated": "2026-02-05T14:36:06.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25054 (GCVE-0-2026-25054)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:47 – Updated: 2026-02-05 14:35

Title

n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

Summary

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in versions 1.123.9 and 2.2.1.

Severity ?

8.5 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

https://github.com/n8n-io/n8n/security/advisories…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: < 1.123.9 Affected: < 2.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25054",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:20:21.592259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:35:49.261Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.123.9"
            },
            {
              "status": "affected",
              "version": "\u003c 2.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n\u0027s interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in versions 1.123.9 and 2.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:47:29.078Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-qpq4-pw7f-pp8w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-qpq4-pw7f-pp8w"
        }
      ],
      "source": {
        "advisory": "GHSA-qpq4-pw7f-pp8w",
        "discovery": "UNKNOWN"
      },
      "title": "n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25054",
    "datePublished": "2026-02-04T16:47:29.078Z",
    "dateReserved": "2026-01-28T14:50:47.888Z",
    "dateUpdated": "2026-02-05T14:35:49.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25115 (GCVE-0-2026-25115)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:48 – Updated: 2026-02-05 14:33

Title

n8n is vulnerable to Python sandbox escape

Summary

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8.

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-693 - Protection Mechanism Failure

Assigner

GitHub_M

References

URL

Tags

https://github.com/n8n-io/n8n/security/advisories…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: < 2.4.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25115",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:23:16.308114Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:33:23.945Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.4.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693: Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:48:03.955Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h"
        }
      ],
      "source": {
        "advisory": "GHSA-8398-gmmx-564h",
        "discovery": "UNKNOWN"
      },
      "title": "n8n is vulnerable to Python sandbox escape"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25115",
    "datePublished": "2026-02-04T16:48:03.955Z",
    "dateReserved": "2026-01-29T14:03:42.539Z",
    "dateUpdated": "2026-02-05T14:33:23.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21893 (GCVE-0-2026-21893)

Vulnerability from cvelistv5 – Published: 2026-02-04 17:36 – Updated: 2026-02-04 19:33

Title

n8n Vulnerable to Command Injection in Community Package Installation

Summary

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3.

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/n8n-io/n8n/security/advisories…	x_refsource_CONFIRM
	https://github.com/n8n-io/n8n/commit/ae0669a736cc…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: >= 0.187.0, < 1.120.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T19:33:16.360319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T19:33:50.547Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.187.0, \u003c 1.120.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n\u2019s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T17:36:51.690Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m"
        },
        {
          "name": "https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838"
        }
      ],
      "source": {
        "advisory": "GHSA-7c4h-vh2m-743m",
        "discovery": "UNKNOWN"
      },
      "title": "n8n Vulnerable to Command Injection in Community Package Installation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21893",
    "datePublished": "2026-02-04T17:36:51.690Z",
    "dateReserved": "2026-01-05T17:24:36.929Z",
    "dateUpdated": "2026-02-04T19:33:50.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25055 (GCVE-0-2026-25055)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:47 – Updated: 2026-02-05 14:33

Title

n8n Arbitrary File Write on Remote Systems via SSH Node

Summary

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a prerequisites an unauthenticated attacker needs knowledge of such workflows existing and the endpoints for file uploads need to be unauthenticated. This issue has been patched in versions 1.123.12 and 2.4.0.

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

URL

Tags

https://github.com/n8n-io/n8n/security/advisories…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: < 1.123.12 Affected: < 2.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25055",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:20:20.248981Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:33:32.501Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.123.12"
            },
            {
              "status": "affected",
              "version": "\u003c 2.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a prerequisites an unauthenticated attacker needs knowledge of such workflows existing and the endpoints for file uploads need to be unauthenticated. This issue has been patched in versions 1.123.12 and 2.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:47:47.239Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9"
        }
      ],
      "source": {
        "advisory": "GHSA-m82q-59gv-mcr9",
        "discovery": "UNKNOWN"
      },
      "title": "n8n Arbitrary File Write on Remote Systems via SSH Node"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25055",
    "datePublished": "2026-02-04T16:47:47.239Z",
    "dateReserved": "2026-01-28T14:50:47.888Z",
    "dateUpdated": "2026-02-05T14:33:32.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25052 (GCVE-0-2026-25052)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:47 – Updated: 2026-02-05 14:36

Title

n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users

Summary

n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. This issue has been patched in versions 1.123.18 and 2.5.0.

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Assigner

GitHub_M

References

URL

Tags

https://github.com/n8n-io/n8n/security/advisories…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: < 1.123.18 Affected: < 2.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:23:20.144414Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:36:00.879Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.123.18"
            },
            {
              "status": "affected",
              "version": "\u003c 2.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. This issue has been patched in versions 1.123.18 and 2.5.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:47:04.444Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc"
        }
      ],
      "source": {
        "advisory": "GHSA-gfvg-qv54-r4pc",
        "discovery": "UNKNOWN"
      },
      "title": "n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25052",
    "datePublished": "2026-02-04T16:47:04.444Z",
    "dateReserved": "2026-01-28T14:50:47.888Z",
    "dateUpdated": "2026-02-05T14:36:00.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25053 (GCVE-0-2026-25053)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:47 – Updated: 2026-02-05 14:35

Title

n8n is Vulnerable to OS Command Injection in Git Node

Summary

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

GitHub_M

References

URL

Tags

https://github.com/n8n-io/n8n/security/advisories…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: < 1.123.10 Affected: < 2.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25053",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:23:18.822033Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:35:56.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.123.10"
            },
            {
              "status": "affected",
              "version": "\u003c 2.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:47:13.939Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw"
        }
      ],
      "source": {
        "advisory": "GHSA-9g95-qf3f-ggrw",
        "discovery": "UNKNOWN"
      },
      "title": "n8n is Vulnerable to OS Command Injection in Git Node"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25053",
    "datePublished": "2026-02-04T16:47:13.939Z",
    "dateReserved": "2026-01-28T14:50:47.888Z",
    "dateUpdated": "2026-02-05T14:35:56.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61917 (GCVE-0-2025-61917)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:46 – Updated: 2026-02-05 14:36

Title

n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Summary

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-668 - Exposure of Resource to Wrong Sphere
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

GitHub_M

References

URL

Tags

	https://github.com/n8n-io/n8n/security/advisories…	x_refsource_CONFIRM
	https://github.com/n8n-io/n8n/commit/2c4c29531997…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: >= 1.65.0, < 1.114.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61917",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:20:24.291895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:36:13.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.65.0, \u003c 1.114.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:46:42.633Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6"
        },
        {
          "name": "https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba"
        }
      ],
      "source": {
        "advisory": "GHSA-49mx-fj45-q3p6",
        "discovery": "UNKNOWN"
      },
      "title": "n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61917",
    "datePublished": "2026-02-04T16:46:42.633Z",
    "dateReserved": "2025-10-03T22:21:59.615Z",
    "dateUpdated": "2026-02-05T14:36:13.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25049 (GCVE-0-2026-25049)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:46 – Updated: 2026-02-05 14:36

Title

n8n Has an Expression Escape Vulnerability Leading to RCE

Summary

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-913 - Improper Control of Dynamically-Managed Code Resources

Assigner

GitHub_M

References

URL

Tags

	https://github.com/n8n-io/n8n/security/advisories…	x_refsource_CONFIRM
	https://github.com/n8n-io/n8n/commit/7860896909b3…	x_refsource_MISC
	https://github.com/n8n-io/n8n/commit/936c06cfc1ad…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: < 1.123.17 Affected: < 2.5.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25049",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:23:21.427676Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:36:17.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.123.17"
            },
            {
              "status": "affected",
              "version": "\u003c 2.5.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913: Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:46:31.124Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8"
        },
        {
          "name": "https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d"
        },
        {
          "name": "https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d54b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d54b"
        }
      ],
      "source": {
        "advisory": "GHSA-6cqr-8cfr-67f8",
        "discovery": "UNKNOWN"
      },
      "title": "n8n Has an Expression Escape Vulnerability Leading to RCE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25049",
    "datePublished": "2026-02-04T16:46:31.124Z",
    "dateReserved": "2026-01-28T14:50:47.888Z",
    "dateUpdated": "2026-02-05T14:36:17.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0318

CVE-2026-25056 (GCVE-0-2026-25056)

CVE-2026-25051 (GCVE-0-2026-25051)

CVE-2026-25054 (GCVE-0-2026-25054)

CVE-2026-25115 (GCVE-0-2026-25115)

CVE-2026-21893 (GCVE-0-2026-21893)

CVE-2026-25055 (GCVE-0-2026-25055)

CVE-2026-25052 (GCVE-0-2026-25052)

CVE-2026-25053 (GCVE-0-2026-25053)

CVE-2025-61917 (GCVE-0-2025-61917)

CVE-2026-25049 (GCVE-0-2026-25049)

Tags

Sightings

Nomenclature