| CVE-2026-42233 |
critical |
9.8 |
9.8 |
23d ago |
n8n has SQL Injection in Oracle Database Node via Limit Field |
|
| CVE-2026-42235 |
critical |
9.6 |
9.6 |
23d ago |
n8n Vulnerable to XSS via MCP OAuth client |
|
| CVE-2026-44791 |
critical |
— |
9.5 |
14d ago |
n8n Has an XML Node Prototype Pollution Patch Bypass |
|
| CVE-2026-44790 |
critical |
— |
9.5 |
14d ago |
n8n Has an Arbitrary File Read via Git Node |
|
| CVE-2026-44789 |
critical |
— |
9.5 |
14d ago |
n8n: HTTP Request Node Pagination Prototype Pollution to RCE |
|
| CVE-2026-42228 |
medium |
6.5 |
6.5 |
23d ago |
n8n Vulnerable to Hijacking of Unauthenticated Chat Execution |
|
| CVE-2026-42227 |
medium |
6.5 |
6.5 |
23d ago |
n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure |
|
| CVE-2026-42230 |
medium |
6.1 |
6.1 |
23d ago |
n8n has Open Redirect in MCP OAuth Consent Flow |
|