AI Threat Alert

n8n Vulnerabilities

npm AI Agents
69
Risk Score
86
Total CVEs
21
Critical
npm
Ecosystem
May 19, 2026
Last CVE
45%
Patch Rate
3d
Avg Time to Patch
188,231 stars 57,712 forks 1,496 issues 16 dependents Last push May 16, 2026
View on GitHub
OpenSSF Scorecard 6.1/10

Known Vulnerabilities (86 total, page 4 of 4)

Severity CVE ID Summary CVSS Published
HIGH CVE-2025-56265 n8n: unrestricted file upload RCE via Chat Trigger 8.8 Sep 8, 2025 CRITICAL CVE-2025-55526 n8n-workflows: path traversal in download_workflow endpoint 9.1 Aug 26, 2025 MEDIUM CVE-2025-57749 n8n: symlink traversal enables arbitrary file read/write 6.5 Aug 20, 2025 MEDIUM CVE-2025-52478 n8n: Stored XSS enables full account takeover 5.4 Aug 19, 2025 MEDIUM CVE-2025-52554 n8n: broken authz enables cross-user workflow termination 4.3 Jul 3, 2025 MEDIUM CVE-2025-49595 n8n: DoS via empty filesystem URI in binary-data API 4.9 Jul 3, 2025 MEDIUM CVE-2025-49592 n8n: open redirect enables phishing via login flow 5.4 Jun 26, 2025 MEDIUM CVE-2025-46343 n8n: stored XSS enables account takeover 5.4 Apr 29, 2025 HIGH CVE-2023-27564 n8n: unauthenticated info disclosure exposes credentials 7.5 May 10, 2023 HIGH CVE-2023-27563 n8n: privilege escalation exposes full workflow admin 8.8 May 10, 2023 MEDIUM CVE-2023-27562 n8n: path traversal allows arbitrary file read 6.5 May 10, 2023

Showing 76–86 of 86

← Previous

Monitor n8n in your stack

Get instant alerts when new vulnerabilities affect n8n. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring