n8n
n8n Git Node Path Traversal Vulnerability
A security vulnerability in the Git node allowed authenticated users with workflow creation/modification permissions to bypass the
n8n SQL Injection in TimescaleDB and Postgres v1 Nodes
SQL injection vulnerability in TimescaleDB and legacy Postgres v1 nodes allows arbitrary SQL execution.
n8n MongoDB Node Find And Replace Operation Vulnerability
A security vulnerability in the MongoDB node's Find And Replace operation allows authenticated users with workflow edit access to
n8n: POST /workflows/{workflowId}/test-runs/new permission misassignment
The POST /workflows/{workflowId}/test-runs/new endpoint was incorrectly using workflow:read permission instead of workflow:execute
n8n: MicrosoftAgent365Trigger and StripeTrigger nodes missing request validation
The MicrosoftAgent365Trigger and StripeTrigger nodes did not validate inbound requests, allowing unauthenticated attackers to subm
n8n Prototype Pollution via Public Webhook Payload
A prototype pollution vulnerability in n8n allowed a crafted public webhook payload to inject attacker-controlled fields into work
n8n Merge Node SQL Sandbox Prototype Pollution Vulnerability
A prototype pollution vulnerability in the Merge node's SQL Query mode sandbox allows authenticated users with workflow creation/m
n8n Reflected XSS in Meta and Microsoft Teams Trigger Nodes
Reflected XSS vulnerability in Meta and Microsoft Teams trigger nodes due to unsanitized query parameter reflection in HTTP respon
n8n Python Code Node AST Bypass Vulnerability
A security vulnerability in n8n allows authenticated users with permission to create or modify workflows containing a Python Code
n8n Public API Retry Execution Authorization Bypass
The Public API endpoint for retrying executions used `workflow:read` instead of `workflow:execute` for authorization, allowing rea
n8n Compression Node Decompress Operation Enforces Size and Entry Limits
The Compression node's Decompress operation now enforces configurable limits on decompressed output size and ZIP entry count to pr
n8n Python Code Node Sandbox Escape Allows Arbitrary Code Execution
A security vulnerability in n8n allows authenticated users with permission to create or modify workflows containing a Python Code
n8n: Respond to Webhook Node Allows Content-Type Injection Bypassing CSP
An authenticated user with workflow edit access can configure a Respond to Webhook node to serve binary content with an attacker-c
n8n Microsoft SQL Node Prototype Pollution Vulnerability
An authenticated user with permission to create or modify workflows can achieve global prototype pollution via the Microsoft SQL n
n8n Chat Trigger XSS via webhookId Injection
An authenticated user with workflow edit access can inject arbitrary JavaScript into the Chat Trigger's generated page by setting
n8n: Cross-User Credential Access via Shared Workflow API
A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API en
n8n Enterprise: Missing Scope Checks in Dynamic Credentials Endpoints
Three EE endpoints used by the Dynamic Credentials feature lacked per-resource ownership or scope checks, allowing authenticated u
n8n: Unauthenticated MCP session in @n8n/mcp-browser with HTTP transport
Unauthenticated MCP session and tool invocation in @n8n/mcp-browser when using HTTP transport.
n8n SecurityScorecard Node API Token Exfiltration Vulnerability
A vulnerability in the SecurityScorecard node allows an authenticated user with workflow creation/modification permissions to exfi