N8n

N8n

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-58177

  • EPSS 0.02%
  • Veröffentlicht 15.09.2025 16:49:06
  • Zuletzt bearbeitet 14.10.2025 19:34:18

n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting (XSS) vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node wi...

8.8

CVE-2025-56265

Exploit
  • EPSS 0.06%
  • Veröffentlicht 08.09.2025 00:00:00
  • Zuletzt bearbeitet 12.09.2025 20:47:21

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.

9.1

CVE-2025-55526

Exploit
  • EPSS 0.54%
  • Veröffentlicht 26.08.2025 00:00:00
  • Zuletzt bearbeitet 15.09.2025 19:38:14

n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py

6.5

CVE-2025-57749

  • EPSS 0.08%
  • Veröffentlicht 20.08.2025 21:46:39
  • Zuletzt bearbeitet 03.09.2025 15:07:16

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account fo...

5.4

CVE-2025-52478

  • EPSS 0.03%
  • Veröffentlicht 19.08.2025 16:32:34
  • Zuletzt bearbeitet 03.09.2025 15:12:04

n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HT...

4.3

CVE-2025-52554

  • EPSS 0.07%
  • Veröffentlicht 03.07.2025 20:15:23
  • Zuletzt bearbeitet 04.09.2025 16:53:45

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not b...

4.9

CVE-2025-49595

  • EPSS 0.07%
  • Veröffentlicht 03.07.2025 12:16:47
  • Zuletzt bearbeitet 04.09.2025 16:49:06

n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to...

5.4

CVE-2025-49592

  • EPSS 0.04%
  • Veröffentlicht 26.06.2025 19:45:27
  • Zuletzt bearbeitet 02.09.2025 17:52:02

n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a...

5.4

CVE-2025-46343

  • EPSS 0.14%
  • Veröffentlicht 29.04.2025 04:35:16
  • Zuletzt bearbeitet 09.05.2025 19:37:16

n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users....

7.5

CVE-2023-27564

Exploit
  • EPSS 3.89%
  • Veröffentlicht 10.05.2023 15:15:09
  • Zuletzt bearbeitet 27.01.2025 21:15:09

The n8n package 0.218.0 for Node.js allows Information Disclosure.