| CVE-2026-42233 |
critical |
9.8 |
9.8 |
24d ago |
n8n has SQL Injection in Oracle Database Node via Limit Field |
|
| CVE-2026-42235 |
critical |
9.6 |
9.6 |
24d ago |
n8n Vulnerable to XSS via MCP OAuth client |
|
| CVE-2026-44791 |
critical |
— |
9.5 |
14d ago |
n8n Has an XML Node Prototype Pollution Patch Bypass |
|
| CVE-2026-44790 |
critical |
— |
9.5 |
14d ago |
n8n Has an Arbitrary File Read via Git Node |
|
| CVE-2026-44789 |
critical |
— |
9.5 |
14d ago |
n8n: HTTP Request Node Pagination Prototype Pollution to RCE |
|
| CVE-2026-42237 |
high |
8.8 |
8.8 |
24d ago |
n8n has SQL Injection in Snowflake and MySQL Nodes |
|
| CVE-2026-42234 |
high |
8.8 |
8.8 |
24d ago |
n8n has a Python Task Runner Sandbox Escape Vulnerability |
|
| CVE-2026-42232 |
high |
8.8 |
8.8 |
24d ago |
n8n has XML Node Prototype Pollution that to RCE |
|
| CVE-2026-42231 |
high |
8.8 |
8.8 |
24d ago |
n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE |
|
| CVE-2026-42229 |
high |
8.8 |
8.8 |
24d ago |
n8n has SQL Injection in SeaTable Node |
|
| CVE-2026-45732 |
high |
— |
8.0 |
14d ago |
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints |
|
| CVE-2026-44792 |
high |
— |
8.0 |
14d ago |
n8n Has a Source Control Pull SQL Injection |
|
| CVE-2026-42236 |
high |
7.5 |
7.5 |
24d ago |
n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration |
|
| CVE-2026-42226 |
high |
7.5 |
7.5 |
24d ago |
n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay |
|
| CVE-2026-42228 |
medium |
6.5 |
6.5 |
24d ago |
n8n Vulnerable to Hijacking of Unauthenticated Chat Execution |
|
| CVE-2026-42227 |
medium |
6.5 |
6.5 |
24d ago |
n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure |
|
| CVE-2026-42230 |
medium |
6.1 |
6.1 |
24d ago |
n8n has Open Redirect in MCP OAuth Consent Flow |
|