N8n

n8n has XSS in Chat Trigger Node through Custom CSS

## Impact An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the `sanitize-html` library, the sanitization could be bypassed, resulting in stored XSS on the public chat page. Any user visiting the chat URL would be affected. ## Patches The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to re

n8n: Authenticated XSS and Open Redirect via Form Node

## Impact An authenticated user with permission to create or modify workflows could configure a Form Node with an unsanitized HTML description field or exploit an overly permissive iframe sandbox policy to perform stored cross-site scripting or redirect end users visiting the form to an arbitrary external URL. The vulnerability could be used to facilitate phishing attacks. ## Patches The issue has been fixed in n8n versions 1.123.24, 2.10.4 and 2.12.0. Users should upgrade to one of these versi

n8n has a Stored XSS Vulnerability in its Form Trigger

## Impact An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form, enabling form submission hijacking and phishing. The existing Content Security Policy prevents direct n8n session cookie theft but does not prevent script execution or form action manipulation. ## Patches The issue has been fi

n8n Vulnerable to LDAP Filter Injection in LDAP Node

## Impact A flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow. Exploitation requires a specific workflow configuration: - The LD

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

## Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endpoint served such responses inline on the n8n origin without `Content-Disposition` or `Content-Security-Policy` headers, allowing the HTML to render in the browser with full same-origin JavaScript access. By sending the resulting URL to a higher-privileged user, an attacker could execute JavaScript in the vic

n8n has SQL Injection in Data Table Node via orderByColumn Expression

## Impact An authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement execution is possible, enabling data modification and deletion. ## Patches The issue has been fixed in n8n versions 1.123.26, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later

n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE

## Impact An authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the GSuiteAdmin node. By supplying a crafted parameter as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance. ## Patches The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to

n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no

## Impact When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key, potentially injecting malicious content into workflows or intercepting repository data. - This issue only affects instances where the Source Control feature has been explicitly enabled and configured t

n8n Has External Secrets Authorization Bypass in Credential Saving

## Impact An authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the `externalSecret:list` permission check and allowed access to secrets stored in connected vaults without admin or owner privileges. - This issue requires the instance to have an external secrets vault configured. - The attacker must know or be able to guess the name of a target secr

n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK

## Impact When the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an OAuth flow against a credential object the attacker controls, causing the victim's OAuth tokens to be stored in the attacker's credential. The attacker can then use those tokens to execute workflows in their name. - This issue only affects instances where `N8N

n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover

## Impact When LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email — including an administrator's — and upon login gain full access to that account. The account linkage persisted even if the LDAP email was later reverted, resulting in a permanent account takeover. -

n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition

## Impact An authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) belonging to other users on the same instance. The attack abuses a name-based credential resolution path that does not enforce ownership or project scope, combined with a bypass in the credentials permission checker that causes generic HTTP credential type

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

## Impact An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to access sensitive files on the server or even compromise the intance. ## Patches The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or late

n8n has In-Process Memory Disclosure in its Task Runner

## Impact An authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data from the same Node.js process — including data from prior requests, tasks, secrets, or tokens — resulting in information disclosure of sensitive in-process data. - Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. - In external runner mode, the impact is limited to data within the

n8n has Webhook Forgery on Zendesk Trigger Node

## Impact An attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject crafted payloads into the connected workflow. ## Patches The issue has been fixed in n8n versions 2.6.2 and 1.123.18. Users should upgrade to one of these versions or later to remediate the vulnerab

n8n has a Guardrail Node Bypass

## Impact An end user interacting with a workflow that uses the Guardrail node could craft an input that bypasses the default guardrail instructions. ## Patches The issue has been fixed in n8n version 2.10.0. Users should upgrade to this version or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit access to trusted users. - Review asses the practical impact of guardrail bypa

n8n has an Authentication Bypass in its Chat Trigger Node

## Impact When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented. - This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default). ## Patches The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consid

n8n has an SSO Enforcement Bypass in its Self-Service Settings API

## Impact An authenticated user signed in through Single Sign-On (SSO) could disable SSO enforcement for their own account through the n8n API. This allowed the user to create a local password and authenticate directly with email and password, completely bypassing the organization's SSO policy, centralized identity management, and any identity-provider-enforced multi-factor authentication. ## Patches The issue has been fixed in n8n version 2.8.0. Users should upgrade to this version or later to

n8n: Webhook Forgery on Github Webhook Trigger

## Impact An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliveries, allowing any party to spoof GitHub webhook events. ## Patches The issue has been fixed in n8n versions 2.5.0 and 1.123.15. Users should upgrade to one of these versions or later to remediate the v

n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes

## Impact An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted table or column names, an attacker could inject arbitrary SQL because the MySQL, PostgreSQL, and Microsoft SQL nodes did not escape identifier values when constructing queries, enabling injection through

n8n Vulnerable to Stored XSS via Various Nodes

## Impact An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes (Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node). Scripts injected by a malicious workflow execute in the browser of any user who visits the affected page, enabling session hijacking and account takeover. ## Patches The issues have been fixed in n8n versions 2.10.1,

n8n: Expression Sandbox Escape Leads to RCE

## Impact Additional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp). An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. ## Patches The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade t

n8n has Arbitrary Command Execution via File Write and Git Operations

## Impact An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary shell commands on the n8n host. ## Patches The issue has been fixed in n8n versions 2.2.0 and 1.123.8. Users should upgrade to one of these versions or later to remediate the vulnerability. ## Workarou

n8n has Potential Remote Code Execution via Merge Node

## Impact An authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. ## Patches The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

n8n has a Sandbox Escape in its JavaScript Task Runner

## Impact An authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task executed on the Task Runner. - Task Runners must be enabled using `N8N_RUNNERS_ENA

n8n has Arbitrary File Read via Python Code Node Sandbox Escape

## Impact An authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python objects, allowing an attacker to exfiltrate file contents or achieve RCE. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task ex

n8n has Unauthenticated Expression Evaluation via Form Node

## Impact A second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code execution on the n8n host. The vulnerability requires a specific workflow configuration to be exploitable: 1. A form node with a field interpolating a value provided by an unauthenticated user, e.g. a

n8n's domain allowlist bypass enables credential exfiltration

## Impact A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This only might affect user who have credentials that use wildcard domain patterns (e.g., `*.example.com`) in the "Allowed domains" setting. ## Patches This issue is fixed in version 1.121.0 and later. All users are strongly encouraged to upgrade. ## Workarounds Until proje

n8n has a Python sandbox escape

## Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the following conditions were met: - Task Runners were enabled using `N8N_RUNNERS_ENABLED=true` (default: false) - Python was enabled `N8N_PYTHON_ENABLED=true` - Code Node was enabled (default: true

n8n Merge Node has Arbitrary File Write leading to RCE

## Impact A vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. ## Patches The issue has been fixed in n8n version 2.4.0, 1.118.0. Users should upgrade to this version or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary m

n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node

## Impact When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a prerequisites an unauthenticated attacker needs knowledge of such workflows existing and the endpoints for file uploads need to be unauthenticated. ## Patches The issue has been fixed in n8n versio

n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI

## Impact A Cross-site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. ## Patches The issue has been fixed in n8n ve

n8n has OS Command Injection in Git Node

## Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. ## Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creatio

n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users

## Impact A vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. ## Patches The issue has been fixed in n8n version 1.123.18 and 2.5.0. Users should upgrade to this version or later to remediate the vulnerability. ## Workarounds If upg

n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

## Impact A Cross-site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user with permission to create or modify workflows could abuse this to execute malicious scripts with same-origin privileges when other users interact with the crafted workflow. This could lead to se

n8n Has Expression Escape Vulnerability Leading to RCE

### Impact Additional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp). An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. ### Patches The issue has been fixed in n8n versions 1.123.17 and 2.5.2. Users should upgrade to these

n8n Vulnerable to Command Injection in Community Package Installation

### Impact A Command Injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. **Important context** - Exploitation requires _administrative_ access to the n8n instance. - The affected functionality is restricted to trusted users who are already permitted to install third-party community packages. - No unauthen

n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

### Impact The use of `Buffer.allocUnsafe()` and `Buffer.allocUnsafeSlow()` in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which both of the followin

n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including una

n8n: Webhook Node IP Whitelist Bypass via Partial String Matching

## Impact The Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured whitelist entry as a substring. This issue affected instances where workflow editors relied on IP-based access controls to restrict webhook access. Both IPv4 and IPv6 addresses were impacted. An attacker with a non-whitelisted IP could bypass restrictions if their IP shar

n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

### Impact An authentication bypass in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were not verified against this secret. As a result, any HTTP client that knows the webhook URL could send a POST request containing a matching event `type`, causing the workflow to execute as if a legitim

n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

### Impact A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. ### Patches The issue has been fixed in n8n version 1.121.0. Users should upgrade to this version or later

n8n Vulnerable to RCE via Arbitrary File Write

### Impact n8n is affected by an authenticated Remote Code Execution (RCE) vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud instances are impacted. ### Patches The issue has been resolved in n8n version 1.121.3. Users are advised to upgrade to this version or later to fully address the vulnerability. ### Workaround

Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

### Impact In self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. This allows a workflow editor to perform actions on the n8n host with the same privileges as the n8n process, including: - Reading files from the host filesystem (subject to any file-access restrictions configured on the instance and OS/container permissions) - Wr

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

### Impact A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. ### Patches In n8n version 1.111.0, a task-runner-based native Python implementation was introduced as an optional feature, providing a more secure isolation model. To enable it, you need to configu

n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

### Summary A stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced in version 1.103.0. This behavior can enable a malicious actor with workflow creation permissions to execute arbitrary JavaScript in the context of the n8n editor interface. While session cookies

n8n Vulnerable to Remote Code Execution via Expression Injection

### Impact n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of

n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

### Impact The n8n Git node allows workflows to set arbitrary Git configuration values through the _Add Config_ operation. When an attacker-controlled workflow sets `core.hooksPath` to a directory within the cloned repository containing a Git hook such as `pre-commit`, Git executes that hook during subsequent Git operations. Because Git hooks run as local system commands, this behavior can lead to **arbitrary command execution** on the underlying n8n host. Successful exploitation requires the

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

### Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. All users with w

n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

### Impact The `Execute Command` node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully trusted. An attacker—either a malicious user or someone who has compromised a legitimate user account—could exploit this node to run arbitrary commands on the host machine, potentially leading t

Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter

### Impact A stored Cross-Site Scripting (XSS) vulnerability was identified in the `@n8n/n8n-nodes-langchain.chatTrigger` node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of anyone who visits the resulting public chat URL. This vulnerability could be exploited for phishing or to steal cookies or other sensitive data from users who access the public chat link, posing

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

### Impact A symlink traversal vulnerability was discovered in the `Read/Write File` node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the ability to create symlinks—such as by using the `Execute Command` node—could exploit this to bypass the intended directory restrictions and read from or write to otherwise inaccessible paths. Users of _n8n.cloud_ are not impacted. ### Patche

Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

### Impact A stored **Cross-Site Scripting (XSS)** vulnerability was identified in [n8n](https://github.com/n8n-io/n8n), specifically in the **Form Trigger** node's **HTML form element**. An authenticated attacker can inject malicious HTML via an `<iframe>` with a `srcdoc` payload that includes arbitrary JavaScript execution. The attacker can also inject malicious Javascript by using `<video>` coupled `<source>` using an `onerror` event. While using `iframe` or a combination of `video` and `so

n8n is vulnerable to Improper Authorization through its `/stop` endpoint

## Summary An authorization vulnerability was discovered in the `/rest/executions/:id/stop` endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. ### Impact This is an **improper authorization** vulnerability. While most API methods enforce user-scoped access to workflow execution IDs, the `/stop` endpoint fails to do so. An attacker can guess or enumerate execution IDs (which

n8n Vulnerable to Denial of Service via Malformed Binary Data Requests

## Summary Denial of Service vulnerability in `/rest/binary-data` endpoint when processing empty filesystem URIs (`filesystem://` or `filesystem-v2://`). ### Impact This is a Denial of Service (DoS) vulnerability that allows authenticated attackers to cause service unavailability through malformed filesystem URI requests. The vulnerability affects: - The `/rest/binary-data` endpoint - n8n.cloud instances (confirmed HTTP/2 524 timeout responses) Attackers can exploit this by sending GET reques

n8n allows open redirects via the /signin endpoint

### Impact This is an Open Redirect (CWE-601) vulnerability in the login flow of n8n. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to: - Phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com) - Credential or 2FA theft if users are tricked into re-entering sensitive information - Reputation risk due to the visual similar

n8n Vulnerable to Stored XSS through Attachments View Endpoint

### Impact n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there was no restriction on the MIME type of uploaded files, and the MIME type could be controlled via a GET parameter. This allowed the server to respond with any MIME type, potentially enabling malicious content to be interpreted and executed by the browser. An authenticated attacker with member-level permissions could exploit this by uploading a crafted HTML file containing malici

n8n Directory Traversal vulnerability

The n8n package prior to version 0.216.1 for Node.js allows Directory Traversal.

n8n Information Disclosure vulnerability

The n8n package prior to 0.216.1 for Node.js allows Information Disclosure.

n8n Privilege Escalation vulnerability

The n8n package prior to 0.216.1 for Node.js allows Escalation of Privileges.