n8n HTTP Request Node Prototype Pollution Vulnerability Leads to RCE (CVE-2026-44789)
2 rules, 2 TTPs
An authenticated user with workflow creation/modification permissions in n8n can achieve remote code execution (RCE) via global prototype pollution in the HTTP Request node due to an unvalidated pagination parameter, as tracked by CVE-2026-44789.
n8n Arbitrary File Read via Git Node (CVE-2026-44790)
2 rules, 1 TTP
An authenticated user with workflow creation or modification permissions can inject CLI flags into the Git node's Push operation, leading to arbitrary file read on the n8n server; patched in versions 1.123.43, 2.20.7, and 2.22.1, and tracked as CVE-2026-44790.
n8n XML Node Prototype Pollution Patch Bypass Leads to RCE
2 rules, 1 TTP
An authenticated n8n user with workflow creation privileges can bypass a previous patch for XML node prototype pollution, potentially leading to remote code execution on the n8n host when combined with other nodes; patched in versions 1.123.43, 2.20.7, and 2.22.1.
Multiple Vulnerabilities in n8n Allow for Remote Code Execution and Data Manipulation
2 rules, 7 TTPs
An authenticated, remote attacker can exploit multiple vulnerabilities in n8n to execute arbitrary code, bypass security measures, conduct SQL injection attacks, manipulate data, or disclose sensitive information.
n8n XML Node Prototype Pollution Leading to RCE
3 rules, 1 TTP
A vulnerability in n8n allows authenticated users with workflow creation permissions to achieve remote code execution (RCE) through global prototype pollution via the XML Node in versions prior to 1.123.32, versions 2.17.0 to 2.17.4, and versions 2.18.0 to 2.18.1.
n8n MCP OAuth Client XSS Vulnerability
2 rules, 1 TTP
n8n is vulnerable to cross-site scripting (XSS) via a malicious MCP OAuth client, allowing an unauthenticated attacker to inject arbitrary JavaScript into an authenticated user's session.
n8n Prototype Pollution in XML Webhook Body Parser Leads to RCE
2 rules, 1 TTP
A prototype pollution vulnerability in n8n's XML webhook parser, exploitable by authenticated users, can lead to remote code execution on the n8n host.
Multiple Vulnerabilities in n8n Workflow Automation Tool
3 rules, 5 TTPs, 1 CVE
Multiple vulnerabilities in n8n can be exploited by an attacker to execute arbitrary code, bypass security measures, disclose sensitive information, conduct SQL injection attacks, cause denial-of-service, perform cross-site scripting, redirect users, or hijack sessions.
n8n AI Workflow Automation Platform Abused for Malware Delivery and Device Fingerprinting
2 rules, 6 TTPs, 2 IOCs
Threat actors are abusing the n8n AI workflow automation platform to deliver malware and fingerprint devices via phishing campaigns, bypassing traditional security filters by leveraging trusted infrastructure.
Critical Vulnerabilities in n8n Workflow Automation Tool
3 rules, 2 TTPs
Multiple critical vulnerabilities in n8n, including prototype pollution, code injection, and SQL injection, allow authenticated users to achieve remote code execution, read sensitive files, and perform unauthorized database operations.
n8n Prototype Pollution Vulnerability Leads to Remote Code Execution
2 rules, 1 TTP
A prototype pollution vulnerability in the n8n GSuiteAdmin node allows authenticated users with workflow creation/modification permissions to achieve remote code execution (RCE) by injecting attacker-controlled values into `Object.prototype`.
n8n Merge Node AlaSQL Injection Vulnerability
2 rules, 1 TTP
An authenticated user with workflow creation/modification permissions can exploit insufficient restrictions in the n8n Merge node's AlaSQL sandbox to achieve remote code execution by reading local files or executing commands on the n8n host.
Critical Vulnerabilities in n8n Workflow Automation Platform
3 rules, 3 TTPs
Multiple critical vulnerabilities in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 enable authenticated users to execute arbitrary code and system commands, potentially leading to full system compromise.
n8n-mcp Authenticated SSRF Vulnerability
2 rules, 1 TTP, 4 IOCs
An authenticated server-side request forgery (SSRF) vulnerability affects the webhook trigger tools and the n8n API client in n8n-mcp versions 2.18.7 to before 2.50.2, allowing attackers to make HTTP requests from the n8n-mcp host to internal services and cloud metadata endpoints, potentially leading to credential theft and internal service enumeration.
n8n Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay
2 rules, 1 TTP
A credential authorization bypass vulnerability in n8n versions before 2.18.0 allows an authenticated user with access to a shared workflow to supply a foreign credential ID, causing the backend to decrypt and use that credential against attacker-controlled infrastructure, leading to API key exfiltration.
n8n Unauthenticated Denial of Service via MCP Client Registration
2 rules, 1 TTP
n8n is vulnerable to an unauthenticated denial of service (DoS) attack due to missing resource controls in the MCP OAuth client registration endpoint, allowing an attacker to exhaust server memory by sending large registration payloads, leading to service unavailability; this is resolved in versions 1.123.32, 2.17.4, and 2.18.1 and tracked as CVE-2026-42236.