n8n security advisories
9 threat alerts tracking vulnerabilities and security advisories that affect n8n products.
Vulnios monitors n8n CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent n8n security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-54305 — n8n — n8n
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without per
critical | CVE-2026-54305

Critical Vulnerability: CVE-2026-54307 — n8n — n8n
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via s
critical | CVE-2026-54307

Critical Vulnerability: CVE-2026-54309 — n8n — n8n
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation
critical | CVE-2026-54309

Critical Vulnerability: CVE-2026-54310 — n8n — n8n
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB
critical | CVE-2026-54310

Critical Vulnerability: CVE-2026-44789 — n8n — n8n
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution
critical | CVE-2026-44789

Critical Vulnerability: CVE-2026-44791 — n8n — n8n
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232
critical | CVE-2026-44791

Critical Vulnerability: CVE-2026-44792 — n8n — n8n
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could co
critical | CVE-2026-44792

Critical Vulnerability: CVE-2026-42233 — n8n — n8n
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the
critical | CVE-2026-42233

Critical Vulnerability: CVE-2026-42235 — n8n — n8n
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name.
critical | CVE-2026-42235