| CVE-2026-42237 |
high |
8.8 |
8.8 |
24d ago |
n8n has SQL Injection in Snowflake and MySQL Nodes |
|
| CVE-2026-42234 |
high |
8.8 |
8.8 |
24d ago |
n8n has a Python Task Runner Sandbox Escape Vulnerability |
|
| CVE-2026-42232 |
high |
8.8 |
8.8 |
24d ago |
n8n has XML Node Prototype Pollution that to RCE |
|
| CVE-2026-42231 |
high |
8.8 |
8.8 |
24d ago |
n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE |
|
| CVE-2026-42229 |
high |
8.8 |
8.8 |
24d ago |
n8n has SQL Injection in SeaTable Node |
|
| CVE-2026-45732 |
high |
— |
8.0 |
14d ago |
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints |
|
| CVE-2026-44792 |
high |
— |
8.0 |
14d ago |
n8n Has a Source Control Pull SQL Injection |
|
| CVE-2026-42236 |
high |
7.5 |
7.5 |
24d ago |
n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration |
|
| CVE-2026-42226 |
high |
7.5 |
7.5 |
24d ago |
n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay |
|
| CVE-2026-42228 |
medium |
6.5 |
6.5 |
24d ago |
n8n Vulnerable to Hijacking of Unauthenticated Chat Execution |
|
| CVE-2026-42227 |
medium |
6.5 |
6.5 |
24d ago |
n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure |
|
| CVE-2026-42230 |
medium |
6.1 |
6.1 |
24d ago |
n8n has Open Redirect in MCP OAuth Consent Flow |
|