n8n Vulnerabilities


AI Threat Alert tracks 116 known vulnerabilities in n8n, 22 of them rated critical. n8n is an AI/ML package in the "ai agents" category of the npm ecosystem. Each CVE entry includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 69
Total CVEs: 116
Critical: 22
Ecosystem: npm
Last CVE: Jun 30, 2026
Patch Rate: 53%
Avg Time to Patch: 7d
GitHub: 194,300 stars, 58,888 forks, 1,482 issues; last push Jun 28, 2026
OpenSSF Scorecard 6.6/10

Known Vulnerabilities (116 total, page 3 of 5)

Severity | CVE ID | Summary | CVSS | Published
UNKNOWN | CVE-2026-42234 | n8n: Python sandbox escape enables container RCE | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42226 | n8n: IDOR exposes cross-user API key exfiltration | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42235 | n8n: stored XSS via MCP OAuth steals agent sessions | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42231 | n8n: prototype pollution → RCE via Git node SSH | -- | Apr 29, 2026
UNKNOWN | CVE-2026-42232 | n8n: XML Node prototype pollution → RCE | -- | Apr 29, 2026
MEDIUM | GHSA-wg4g-395p-mqv3 | n8n-mcp: credential exposure via HTTP transport logging | 4.3 | Apr 25, 2026
MEDIUM | CVE-2026-41495 | n8n-mcp: bearer tokens exposed in HTTP transport logs | 5.3 | Apr 23, 2026
HIGH | GHSA-75hx-xj24-mqrw | n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon | 8.2 | Apr 10, 2026
HIGH | GHSA-4ggg-h7ph-26qr | n8n-mcp: authenticated SSRF leaks cloud metadata | 8.5 | Apr 8, 2026
MEDIUM | GHSA-q4fm-pjq6-m63g | n8n: Stored XSS in Form Trigger enables phishing | 5.4 | Mar 27, 2026
MEDIUM | GHSA-w673-8fjw-457c | n8n: stored XSS enables phishing via Form Node | 4.1 | Mar 27, 2026
MEDIUM | GHSA-3c7f-5hgj-h279 | n8n: Stored XSS in Chat Trigger via CSS injection | 5.4 | Mar 27, 2026
MEDIUM | GHSA-364x-8g5j-x2pr | n8n: stored XSS via malicious OAuth2 Authorization URL | 5.4 | Mar 27, 2026
MEDIUM | CVE-2026-33751 | n8n: LDAP injection enables auth bypass in workflows | 4.8 | Mar 25, 2026
CRITICAL | CVE-2026-33749 | n8n: stored XSS enables credential theft via workflow | 9.0 | Mar 25, 2026
HIGH | CVE-2026-33724 | n8n: SSH MitM enables malicious workflow injection | 7.4 | Mar 25, 2026
MEDIUM | CVE-2026-33722 | n8n: secrets vault bypass exposes credentials to low-priv users | 5.3 | Mar 25, 2026
MEDIUM | CVE-2026-33720 | n8n: OAuth state forgery hijacks user credentials | 4.2 | Mar 25, 2026
HIGH | CVE-2026-33713 | n8n: SQLi in Data Table node, full DB compromise | 8.8 | Mar 25, 2026
HIGH | CVE-2026-33696 | n8n: Prototype pollution enables RCE via workflow nodes | 8.8 | Mar 25, 2026
HIGH | CVE-2026-33665 | n8n: LDAP email match enables permanent account takeover | 8.2 | Mar 25, 2026
CRITICAL | CVE-2026-33663 | n8n: member role steals plaintext HTTP credentials | 10.0 | Mar 25, 2026
CRITICAL | CVE-2026-33660 | TensorFlow: type confusion NPD in tensor conversion | 10.0 | Mar 25, 2026
MEDIUM | CVE-2026-27496 | n8n: uninitialized buffer leaks secrets via Task Runner | 6.5 | Mar 25, 2026
MEDIUM | CVE-2026-27578 | n8n: XSS enables session hijacking | 5.4 | Feb 25, 2026

Showing 51–75 of 116

Frequently asked questions

What is n8n?

n8n is an AI/ML package in the "ai agents" category, tracked by AI Threat Alert for security vulnerabilities in the npm ecosystem.

How many known vulnerabilities does n8n have?

n8n has 116 known CVEs, 22 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is n8n distributed in?

n8n is distributed via the npm ecosystem and categorized as "ai agents".

Where does the n8n vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of n8n?

Review each CVE listed above: every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor n8n in your stack

Get instant alerts when new vulnerabilities affect n8n. CISO analysis, ATLAS technique mappings, and compliance reports included.
