SB20260423156 - Multiple vulnerabilities in n8n




Published: April 23, 2026

Security Bulletin ID: SB20260423156
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 64%
Low: 36%

Description

This security bulletin contains information about 11 vulnerabilities.


1) Prototype pollution (CVE-ID: N/A)

CWE-ID: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to prototype pollution in the XML Node when creating or modifying workflows containing XML node data. A remote user can create or modify a workflow to trigger global prototype pollution and execute arbitrary code.

Exploitation requires permission to create or modify workflows; code execution occurs when the polluted prototype is combined with other nodes that are affected by it.


2) Prototype pollution (CVE-ID: N/A)

CWE-ID: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to prototype pollution in the xml2js library used by the webhook body parser when parsing a crafted XML request body. A remote attacker can send a crafted XML payload and chain the resulting prototype pollution with the Git node's SSH operations to execute arbitrary code.

Exploitation requires the ability to create or modify workflows.
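Items 1 and 2 both describe the same failure class: a document produced by an untrusted parser (XML node data, or an XML webhook body parsed by xml2js) carrying a key such as `__proto__` that a recursive merge later writes into `Object.prototype`. The following is an added example, not n8n's code or xml2js's: it uses a JSON document as a stand-in for the parsed XML object, shows the merge pattern that pollutes the global prototype, and beside it a scanner and a hardened merge that a workflow store or body parser could apply to parsed input. The key list, the function names and the sample document are assumptions.

```javascript
// Added example (not n8n code): detecting and neutralising prototype-pollution
// keys in a document produced by an untrusted parser. A JSON document stands in
// for the XML-to-object conversion described in items 1 and 2 of the bulletin.

const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Walk a parsed document and return the paths of every key that a recursive
// merge could turn into a write to Object.prototype.
function findDangerousKeys(value, path = '$') {
  const hits = [];
  if (value === null || typeof value !== 'object') return hits;
  for (const key of Object.keys(value)) {
    const childPath = `${path}.${key}`;
    if (DANGEROUS_KEYS.has(key)) hits.push(childPath);
    hits.push(...findDangerousKeys(value[key], childPath));
  }
  return hits;
}

// The pattern to avoid: target["__proto__"] resolves to Object.prototype, so the
// recursion writes the untrusted keys into every object in the process.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: dangerous keys are skipped, only own properties of the target
// are reused, and new containers have no prototype at all.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (DANGEROUS_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      const existing = Object.hasOwn(target, key) ? target[key] : undefined;
      if (existing === null || typeof existing !== 'object') target[key] = Object.create(null);
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample of what a parser hands back for a document with a
// "__proto__" member. JSON.parse creates an own property with that name, whereas
// an object literal would set the prototype instead.
const UNTRUSTED_DOCUMENT = JSON.parse(
  '{"node":{"name":"xml-node"},"__proto__":{"polluted":"yes"}}'
);

function demo() {
  const findings = findDangerousKeys(UNTRUSTED_DOCUMENT);
  const merged = safeMerge({}, UNTRUSTED_DOCUMENT);
  // An unrelated, freshly created object must still be clean afterwards.
  const cleanObjectStillClean = ({}).polluted === undefined;
  return { findings, mergedKeys: Object.keys(merged), cleanObjectStillClean };
}

console.log(demo());
```

The scanner is useful as a detection step at the point where workflow JSON or a parsed request body enters the system: a finding at `$.__proto__` is a reliable signal that the payload was crafted, and it can be logged and rejected before any merge runs.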


3) Improper Neutralization of Alternate XSS Syntax (CVE-ID: N/A)

CWE-ID: CWE-87 - Improper Neutralization of Alternate XSS Syntax

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to execute arbitrary JavaScript in a victim's authenticated browser session.

The vulnerability exists due to improper neutralization of alternate XSS syntax in the MCP OAuth client consent and revocation notification flow when rendering a crafted client_name. A remote attacker can register a malicious MCP OAuth client to execute arbitrary JavaScript in a victim's authenticated browser session.

User interaction is required to authorize the OAuth consent dialog and click the rendered link in the toast notification.


4) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and influence downstream workflow behavior.

The vulnerability exists due to improper access control in the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature when handling connections to a target execution. A remote attacker can connect to a waiting execution using a valid execution ID to disclose sensitive information and influence downstream workflow behavior.

Exploitation requires a public Hosted Chat workflow with authentication set to none, a target execution in a waiting state, and knowledge of the execution ID for that waiting execution.


5) SQL injection (CVE-ID: N/A)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to SQL injection in the SeaTable node row:search and row:get operations when processing user-controlled input passed via expressions into search or row retrieval parameters. A remote attacker can send crafted input to retrieve unintended rows from the connected SeaTable base and disclose sensitive information.

Exploitation requires a workflow configuration in which external user input is passed via expressions into the searchTerm or rowId parameters.


6) Allocation of Resources Without Limits or Throttling (CVE-ID: N/A)

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper resource control in the MCP OAuth client registration endpoint when handling unauthenticated client registration requests. A remote attacker can send large registration payloads to cause a denial of service.

The endpoint is reachable regardless of whether MCP access is enabled on the instance.


7) SQL injection (CVE-ID: N/A)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to disclose sensitive information or modify data in the connected database.

The vulnerability exists due to SQL injection in the Snowflake node and legacy MySQL v1 node when processing user-controlled input in identifier fields such as table name, column name, or update key via expressions. A remote user can send crafted input to inject SQL statements and disclose sensitive information or modify data in the connected database.

Exploitation requires a workflow configuration that passes user-controlled input into identifier fields via expressions.


8) Authorization bypass through user-controlled key (CVE-ID: N/A)

CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to authorization bypass through a user-controlled key in the public API variables endpoint when handling requests with an arbitrary projectId query parameter. A remote user can supply a crafted projectId value to disclose sensitive information.

Only licensed enterprise or team deployments with multiple projects and the variables feature enabled are vulnerable.
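The pattern in item 8 is a user-controlled key (the `projectId` query parameter) used directly as a data filter, with no check that the caller belongs to that project. The following added example, which is not n8n's code, shows the unchecked shape beside a hardened one that authorizes the key before using it. The users, memberships and variables tables, the `isOwner` flag and the function names are hypothetical.

```javascript
// Added example (not n8n code): authorising a caller-supplied projectId before
// it is used to filter project-scoped variables.

// Constructed sample data; the shapes are hypothetical.
const MEMBERSHIPS = [
  { userId: 'u-1', projectId: 'p-alpha' },
  { userId: 'u-2', projectId: 'p-beta' },
];

const VARIABLES = [
  { id: 'v-1', projectId: 'p-alpha', key: 'API_HOST', value: 'alpha.internal' },
  { id: 'v-2', projectId: 'p-beta', key: 'DB_PASSWORD', value: 'hunter2' },
  { id: 'v-3', projectId: null, key: 'GLOBAL_FLAG', value: 'on' },
];

class ForbiddenError extends Error {}

// Instance owners may read every project; everyone else needs a membership row.
function canReadProject(user, projectId) {
  if (user.isOwner) return true;
  return MEMBERSHIPS.some((m) => m.userId === user.id && m.projectId === projectId);
}

// Vulnerable shape: the query parameter is trusted as a filter and nothing
// checks that the caller belongs to that project.
function listVariablesUnchecked(user, projectId) {
  return VARIABLES.filter((v) => v.projectId === projectId);
}

// Hardened shape: the user-controlled key is authorised before it is used as a
// filter; an unauthorised projectId yields a 403-style error rather than data.
function listVariables(user, projectId) {
  if (projectId !== undefined && !canReadProject(user, projectId)) {
    throw new ForbiddenError(`user ${user.id} is not a member of project ${projectId}`);
  }
  if (projectId === undefined) {
    // No filter requested: global variables plus the projects the user belongs to.
    return VARIABLES.filter((v) => v.projectId === null || canReadProject(user, v.projectId));
  }
  return VARIABLES.filter((v) => v.projectId === projectId);
}
```

The important property is that the same `canReadProject` decision is applied whether the key arrives as an explicit filter or is derived from the user's own memberships, so there is no second code path that forgets the check.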


9) SQL injection (CVE-ID: N/A)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper input validation in the Oracle Database node Limit field when processing user-controlled expressions in the select operation. A remote user can supply a specially crafted expression value to disclose sensitive information.

Exploitation requires a workflow configuration in which external input is passed into the Limit field, such as through a webhook.
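Items 5, 7 and 9 share one root cause: a node builds a statement from pieces that arrive through expressions (table, column and update-key names in item 7, the Limit field in item 9, search and row parameters in item 5), and those pieces are interpolated verbatim. Bind parameters protect values but not identifiers or LIMIT clauses, so those need their own validation. The following added example, not n8n's node code, shows the concatenating shape beside a hardened builder that allow-lists and quotes identifiers, parses the limit as a bounded integer, and binds values. Quoting follows the ANSI double-quote convention; the regex, the limit cap and the `$n` placeholder style are assumptions that a real driver would adjust.

```javascript
// Added example (not n8n code): building SQL from user-controlled pieces
// without letting any of them alter the statement.

const IDENTIFIER_RE = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/;   // assumed allow-list
const MAX_LIMIT = 10000;                                  // assumed upper bound

// An identifier must match the allow-list pattern before it is double-quoted,
// so a name can never close the quote or carry a second statement.
function quoteIdentifier(name) {
  if (typeof name !== 'string' || !IDENTIFIER_RE.test(name)) {
    throw new Error(`invalid identifier: ${JSON.stringify(name)}`);
  }
  return `"${name}"`;
}

// The Limit field comes from an expression, so it may be a string or a number;
// only a plain non-negative integer within bounds is accepted.
function parseLimit(raw) {
  const text = String(raw).trim();
  if (!/^\d{1,6}$/.test(text)) throw new Error(`invalid limit: ${JSON.stringify(raw)}`);
  const n = Number(text);
  if (n > MAX_LIMIT) throw new Error(`limit ${n} exceeds ${MAX_LIMIT}`);
  return n;
}

// Vulnerable shape: every piece is concatenated verbatim into the statement.
function buildSelectUnsafe({ table, columns, limit }) {
  return `SELECT ${columns.join(', ')} FROM ${table} LIMIT ${limit}`;
}

// Hardened shape: identifiers validated and quoted, limit parsed as an integer.
function buildSelect({ table, columns, limit }) {
  const cols = columns.map(quoteIdentifier).join(', ');
  return `SELECT ${cols} FROM ${quoteIdentifier(table)} LIMIT ${parseLimit(limit)}`;
}

// UPDATE keyed on a user-chosen column: identifiers validated, values bound as
// $1, $2, ... placeholders and returned separately for the driver.
function buildUpdate({ table, updateKey, keyValue, changes }) {
  const params = [];
  const setClause = Object.entries(changes).map(([col, value]) => {
    params.push(value);
    return `${quoteIdentifier(col)} = $${params.length}`;
  }).join(', ');
  params.push(keyValue);
  const sql = `UPDATE ${quoteIdentifier(table)} SET ${setClause} `
    + `WHERE ${quoteIdentifier(updateKey)} = $${params.length}`;
  return { sql, params };
}

console.log(buildSelect({ table: 'users', columns: ['id', 'email'], limit: '25' }));
```

An allow-list is deliberately stricter than escaping: names with spaces or punctuation are rejected even though they can be quoted, because a node that accepts them has to get dialect-specific quoting exactly right for every database it supports.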


10) Code Injection (CVE-ID: N/A)

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary code on the task runner container.

The vulnerability exists due to improper control of code generation in the Python Code Node when creating or modifying workflows containing Python code. A remote user can craft a malicious workflow to execute arbitrary code on the task runner container.

This issue only affects instances where the Python Task Runner is enabled.


11) Open redirect (CVE-ID: N/A)

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to redirect users to an external site and disclose limited sensitive information.

The vulnerability exists due to improper input validation in the MCP OAuth consent flow when handling OAuth client registration and consent denial requests. A remote attacker can register an arbitrary redirect_uri and send a crafted phishing link to redirect users to an attacker-controlled site and disclose limited sensitive information.

User interaction is required, and exploitation occurs if the victim clicks "Deny" on the consent page.
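Items 3, 6 and 11 all sit on the MCP OAuth client registration and consent flow: a `client_name` that is later rendered into the UI, a registration endpoint that accepts bodies of any size without authentication, and a `redirect_uri` that is accepted at registration and followed on consent denial without validation. The following added example is not n8n's code: it shows the three checks a registration and consent handler would apply, namely a byte-length cap before parsing, constraints on `client_name` with HTML escaping at render time, and redirect URIs that must be absolute https (loopback http excepted), fragment-free, and matched exactly against the registered set before any redirect is issued. The limits, the error class and the function names are assumptions.

```javascript
// Added example (not n8n code): hardening an OAuth dynamic client registration
// and consent flow on the points raised in items 3, 6 and 11.

const MAX_BODY_BYTES = 16 * 1024;        // assumed; registration metadata is small
const MAX_CLIENT_NAME_LENGTH = 128;      // assumed
const MAX_REDIRECT_URIS = 10;            // assumed

class RegistrationError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Item 6: refuse oversized bodies before parsing, measured in bytes rather than
// characters. A streaming server would apply the same cap per chunk received.
function checkBodySize(rawBody) {
  const bytes = Buffer.byteLength(rawBody, 'utf8');
  if (bytes > MAX_BODY_BYTES) {
    throw new RegistrationError(413, `body of ${bytes} bytes exceeds ${MAX_BODY_BYTES}`);
  }
  return bytes;
}

// Item 11: a redirect_uri is registrable only if it is an absolute https URL
// (http only for loopback) with no fragment.
function isAcceptableRedirectUri(uri) {
  let url;
  try { url = new URL(uri); } catch { return false; }
  if (url.hash !== '') return false;
  if (url.protocol === 'https:') return true;
  return url.protocol === 'http:' && (url.hostname === 'localhost' || url.hostname === '127.0.0.1');
}

// Item 3: client_name is shown to the user, so it is kept to a short plain
// string without control characters. Characters such as < and > are allowed in
// a name; the defence is to encode at render time (or use a text node).
function isAcceptableClientName(name) {
  return typeof name === 'string'
    && name.length > 0
    && name.length <= MAX_CLIENT_NAME_LENGTH
    && !/[\u0000-\u001f\u007f]/.test(name);
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

function validateRegistration(rawBody) {
  checkBodySize(rawBody);
  let body;
  try { body = JSON.parse(rawBody); } catch { throw new RegistrationError(400, 'body is not JSON'); }
  if (!isAcceptableClientName(body.client_name)) throw new RegistrationError(400, 'invalid client_name');
  const uris = body.redirect_uris;
  if (!Array.isArray(uris) || uris.length === 0 || uris.length > MAX_REDIRECT_URIS) {
    throw new RegistrationError(400, 'invalid redirect_uris');
  }
  for (const uri of uris) {
    if (!isAcceptableRedirectUri(uri)) throw new RegistrationError(400, `unacceptable redirect_uri: ${uri}`);
  }
  return { client_name: body.client_name, redirect_uris: uris };
}

// Item 11 again: on consent, whether allowed or denied, the browser is sent only
// to a URI equal to a registered one. Prefix or host matching is not enough.
function resolveRedirect(client, requestedUri) {
  if (!client.redirect_uris.includes(requestedUri)) {
    throw new RegistrationError(400, 'redirect_uri does not match a registered value');
  }
  return requestedUri;
}

// Constructed sample registration.
const SAMPLE_BODY = JSON.stringify({
  client_name: 'Build <b>Agent</b>',
  redirect_uris: ['https://app.example/callback'],
});
console.log(validateRegistration(SAMPLE_BODY), escapeHtml('Build <b>Agent</b>'));
```

When consent is denied, the safe outcome is to render the "denied" state on the server's own page, or to redirect only to a registered URI, never to a value taken from the request; the exact-match rule in `resolveRedirect` is what keeps the consent page from acting as a redirector.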


Remediation

Install the update from the vendor's website.