n8n Vulnerabilities

npm AI Agents

AI Threat Alert tracks 116 known vulnerabilities in n8n, 22 rated critical. n8n is an AI/ML package in the AI agents category of the npm ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources

Risk Score: 69
Total CVEs: 116
Critical: 22
Ecosystem: npm
Last CVE: Jun 30, 2026
Patch Rate: 53%
Avg Time to Patch: 7d
GitHub: 194,300 stars, 58,888 forks, 1,482 issues, last push Jun 28, 2026
OpenSSF Scorecard: 6.6/10

Known Vulnerabilities (116 total, page 2 of 5)

Severity | CVE ID | Summary | CVSS | Published
MEDIUM | CVE-2026-54308 | n8n: unauthed webhook bypass hijacks AI agent workflows | -- | Jun 16, 2026
HIGH | CVE-2026-54301 | n8n: XSS via CSP bypass steals user sessions | -- | Jun 16, 2026
MEDIUM | CVE-2026-54306 | n8n: webhook prototype pollution enables confused deputy | -- | Jun 16, 2026
UNKNOWN | CVE-2026-54311 | n8n: prototype pollution leaks cross-user workflow data | -- | Jun 16, 2026
HIGH | CVE-2026-48146 | Budibase: SSRF in OAuth2 exposes cloud credentials | 7.7 | Jun 12, 2026
CRITICAL | GHSA-3875-8gcx-7v46 | n8n: SSRF bypasses credential domain restrictions | 9.1 | May 19, 2026
MEDIUM | GHSA-2vx9-7wpg-88jq | n8n: path traversal bypasses file access restriction | 6.4 | May 19, 2026
HIGH | CVE-2026-45707 | n8n-mcp: tenant isolation bypass, operator RCE risk | 8.1 | May 18, 2026
MEDIUM | CVE-2026-45582 | n8n-mcp: telemetry leak exposes workflow URL secrets | 6.5 | May 18, 2026
HIGH | CVE-2026-45548 | @budibase/server: SSRF in AI Extract bypasses IP blacklist | 7.7 | May 15, 2026
CRITICAL | CVE-2026-44789 | n8n: prototype pollution in HTTP node enables RCE | 9.9 | May 14, 2026
HIGH | CVE-2026-44790 | n8n: Git node arg injection enables full server compromise | 8.8 | May 14, 2026
CRITICAL | CVE-2026-44791 | n8n: XML node patch bypass enables host RCE | 9.9 | May 14, 2026
CRITICAL | CVE-2026-44792 | n8n: SQL injection via poisoned Source Control git repo | 9.0 | May 14, 2026
HIGH | CVE-2026-45732 | n8n: OAuth token hijack via credential permission bypass | 8.1 | May 14, 2026
UNKNOWN | CVE-2026-44694 | n8n-MCP: SSRF allows internal network access via webhook tools | -- | May 8, 2026
HIGH | GHSA-8g7g-hmwm-6rv2 | n8n-mcp: path traversal + SSRF exposes n8n API keys | 8.3 | May 8, 2026
HIGH | CVE-2026-42449 | n8n-mcp: SSRF bypass via IPv6 leaks API keys | 8.5 | Apr 30, 2026
UNKNOWN | CVE-2026-42237 | n8n: SQL injection in Snowflake/MySQL nodes bypasses fix | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42233 | n8n: SQL injection in Oracle node allows data exfiltration | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42230 | n8n: MCP OAuth open redirect enables phishing | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42229 | n8n: SQL injection in SeaTable node leaks restricted rows | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42228 | n8n: WebSocket auth bypass hijacks AI agent workflows | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42236 | n8n: unauthenticated MCP endpoint causes memory DoS | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42227 | n8n: IDOR leaks cross-project variables via API key | -- | Apr 29, 2026


Frequently asked questions

What is n8n?

n8n is an AI/ML package in the AI agents category, tracked by AI Threat Alert for security vulnerabilities in the npm ecosystem.

How many known vulnerabilities does n8n have?

n8n has 116 known CVEs, 22 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is n8n distributed in?

n8n is distributed via the npm ecosystem and categorized under AI agents.

Where does the n8n vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of n8n?

Review each CVE listed above: every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor n8n in your stack

Get instant alerts when new vulnerabilities affect n8n. CISO analysis, ATLAS technique mappings, and compliance reports included.
