AI Threat Alert

N8n

50 AI/ML vulnerabilities tracked for N8n.

50

Total CVEs

3

Pages

Page 1 of 3

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2026-27493	n8n: Code Injection enables RCE	n8n	9.0
CRITICAL	CVE-2026-27494	n8n: security flaw enables exploitation	n8n	9.9
CRITICAL	CVE-2026-27495	n8n: Code Injection enables RCE	n8n	9.9
HIGH	CVE-2026-27497	n8n: SQL Injection exposes database	n8n	8.8
HIGH	CVE-2026-27498	n8n: Code Injection enables RCE	n8n	8.8
CRITICAL	CVE-2026-27577	n8n: Code Injection enables RCE	n8n	9.9
MEDIUM	CVE-2026-27578	n8n: XSS enables session hijacking	n8n	5.4
MEDIUM	CVE-2025-58177	n8n: stored XSS in LangChain chat trigger (public)	n8n	5.4
MEDIUM	CVE-2023-27562	n8n: path traversal allows arbitrary file read	n8n	6.5
HIGH	CVE-2023-27563	n8n: privilege escalation exposes full workflow admin	n8n	8.8
HIGH	CVE-2023-27564	n8n: unauthenticated info disclosure exposes credentials	n8n	7.5
MEDIUM	CVE-2025-46343	n8n: stored XSS enables account takeover	n8n	5.4
MEDIUM	CVE-2025-49592	n8n: open redirect enables phishing via login flow	n8n	5.4
MEDIUM	CVE-2025-49595	n8n: DoS via empty filesystem URI in binary-data API	n8n	4.9
MEDIUM	CVE-2025-52554	n8n: broken authz enables cross-user workflow termination	n8n	4.3
MEDIUM	CVE-2025-52478	n8n: Stored XSS enables full account takeover	n8n	5.4
MEDIUM	CVE-2025-57749	n8n: symlink traversal enables arbitrary file read/write	n8n	6.5
CRITICAL	CVE-2025-55526	n8n-workflows: path traversal in download_workflow endpoint	fastapi	9.1
HIGH	CVE-2025-56265	n8n: unrestricted file upload RCE via Chat Trigger	n8n	8.8
HIGH	CVE-2025-62726	n8n: security flaw enables exploitation	n8n	8.8

Page 1 of 3