n8n Vulnerabilities
npm, AI Agents
Risk Score: 69
Total CVEs: 86
Critical: 21
Ecosystem: npm
Last CVE: May 19, 2026
Patch Rate: 45%
Avg Time to Patch: 3d
188,231 stars
57,712 forks
1,496 issues
16 dependents
Last push May 16, 2026
OpenSSF Scorecard 6.1/10
Known Vulnerabilities (86 total, page 2 of 4)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | GHSA-wg4g-395p-mqv3 | n8n-mcp: credential exposure via HTTP transport logging | 4.3 | Apr 25, 2026 |
| MEDIUM | CVE-2026-41495 | n8n-mcp: bearer tokens exposed in HTTP transport logs | 5.3 | Apr 23, 2026 |
| HIGH | GHSA-75hx-xj24-mqrw | n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon | 8.2 | Apr 10, 2026 |
| HIGH | GHSA-4ggg-h7ph-26qr | n8n-mcp: authenticated SSRF leaks cloud metadata | 8.5 | Apr 8, 2026 |
| MEDIUM | GHSA-q4fm-pjq6-m63g | n8n: Stored XSS in Form Trigger enables phishing | 5.4 | Mar 27, 2026 |
| MEDIUM | GHSA-w673-8fjw-457c | n8n: stored XSS enables phishing via Form Node | 4.1 | Mar 27, 2026 |
| MEDIUM | GHSA-3c7f-5hgj-h279 | n8n: Stored XSS in Chat Trigger via CSS injection | 5.4 | Mar 27, 2026 |
| MEDIUM | GHSA-364x-8g5j-x2pr | n8n: stored XSS via malicious OAuth2 Authorization URL | 5.4 | Mar 27, 2026 |
| MEDIUM | CVE-2026-33751 | n8n: LDAP injection enables auth bypass in workflows | 4.8 | Mar 25, 2026 |
| CRITICAL | CVE-2026-33749 | n8n: stored XSS enables credential theft via workflow | 9.0 | Mar 25, 2026 |
| HIGH | CVE-2026-33724 | n8n: SSH MitM enables malicious workflow injection | 7.4 | Mar 25, 2026 |
| MEDIUM | CVE-2026-33722 | n8n: secrets vault bypass exposes credentials to low-priv users | 5.3 | Mar 25, 2026 |
| MEDIUM | CVE-2026-33720 | n8n: OAuth state forgery hijacks user credentials | 4.2 | Mar 25, 2026 |
| HIGH | CVE-2026-33713 | n8n: SQLi in Data Table node, full DB compromise | 8.8 | Mar 25, 2026 |
| HIGH | CVE-2026-33696 | n8n: Prototype pollution enables RCE via workflow nodes | 8.8 | Mar 25, 2026 |
| HIGH | CVE-2026-33665 | n8n: LDAP email match enables permanent account takeover | 8.2 | Mar 25, 2026 |
| CRITICAL | CVE-2026-33663 | n8n: member role steals plaintext HTTP credentials | 10.0 | Mar 25, 2026 |
| CRITICAL | CVE-2026-33660 | TensorFlow: type confusion NPD in tensor conversion | 10.0 | Mar 25, 2026 |
| MEDIUM | CVE-2026-27496 | n8n: uninitialized buffer leaks secrets via Task Runner | 6.5 | Mar 25, 2026 |
| MEDIUM | CVE-2026-27578 | n8n: XSS enables session hijacking | 5.4 | Feb 25, 2026 |
| CRITICAL | CVE-2026-27577 | n8n: Code Injection enables RCE | 9.9 | Feb 25, 2026 |
| HIGH | CVE-2026-27498 | n8n: Code Injection enables RCE | 8.8 | Feb 25, 2026 |
| HIGH | CVE-2026-27497 | n8n: SQL Injection exposes database | 8.8 | Feb 25, 2026 |
| CRITICAL | CVE-2026-27495 | n8n: Code Injection enables RCE | 9.9 | Feb 25, 2026 |
| CRITICAL | CVE-2026-27494 | n8n: security flaw enables exploitation | 9.9 | Feb 25, 2026 |

Showing 26–50 of 86