N8n
AI Threat Alert tracks 64 known AI/ML vulnerabilities affecting N8n products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every N8n CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-21893 | n8n: Input Validation flaw enables exploitation | n8n | 7.2 |
| MEDIUM | CVE-2026-25631 | n8n: Input Validation flaw enables exploitation | n8n | 6.5 |
| MEDIUM | CVE-2026-27496 | n8n: uninitialized buffer leaks secrets via Task Runner | n8n | 6.5 |
| HIGH | CVE-2026-33696 | n8n: Prototype pollution enables RCE via workflow nodes | n8n | 8.8 |
| HIGH | CVE-2026-33713 | n8n: SQLi in Data Table node, full DB compromise | n8n | 8.8 |
| MEDIUM | CVE-2026-33720 | n8n: OAuth state forgery hijacks user credentials | n8n | 4.2 |
| MEDIUM | CVE-2026-33722 | n8n: secrets vault bypass exposes credentials to low-priv users | n8n | 5.3 |
| HIGH | CVE-2026-33724 | n8n: SSH MitM enables malicious workflow injection | n8n | 7.4 |
| CRITICAL | CVE-2026-33749 | n8n: stored XSS enables credential theft via workflow | n8n | 9.0 |
| MEDIUM | CVE-2026-33751 | n8n: LDAP injection enables auth bypass in workflows | n8n | 4.8 |
| CRITICAL | CVE-2026-56348 | n8n: SSRF bypasses allowlist, exfiltrates credentials | n8n | 9.1 |
| MEDIUM | CVE-2026-56357 | n8n: webhook forgery enables unauthorized workflow execution | n8n | 4.0 |
| HIGH | CVE-2026-56351 | n8n: SQL injection in DB nodes via identifier values | n8n | 8.2 |
| MEDIUM | CVE-2026-56358 | n8n: stored XSS in Form Trigger enables form hijacking | n8n | 5.4 |
| MEDIUM | CVE-2026-56350 | n8n: authenticated users can disable SSO enforcement via API | n8n | 6.3 |
| MEDIUM | CVE-2026-56356 | n8n: stored XSS in Chat Trigger Custom CSS field | n8n | 5.4 |
| MEDIUM | CVE-2026-56777 | n8n: AST validator bypass leaks env vars in Python node | n8n | 5.0 |
| MEDIUM | CVE-2026-56359 | n8n: XSS via malicious OAuth2 Authorization URL | n8n | 5.4 |
| MEDIUM | CVE-2026-56360 | n8n: unsigned Zendesk webhook allows workflow forgery | n8n | 4.0 |
| MEDIUM | CVE-2026-56775 | n8n: viewer role bypasses RBAC on eval test runs | n8n | 5.4 |
Frequently asked questions
How many known vulnerabilities affect N8n?
64 AI/ML CVEs affecting N8n products are tracked, sourced from NVD and GitHub Advisory.
What N8n products are affected?
The CVEs below map to the N8n AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the N8n vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor N8n for new vulnerabilities?
AI Threat Alert tracks N8n continuously; a Pro subscription adds breaking alerts when new CVEs affecting N8n are published.
How do I assess N8n's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity N8n issues first and judge the exposure for your stack.