Known vulnerabilities in n8n n8n 2.1.4

Vendor: n8n
Website: https://n8n.io/
Total Security Bulletins: 8

Security bulletins (8)

Secuity bulletin Severity Status Published
SB2026020966: Improper authenitcation in n8n Stripe Trigger node Medium
Patched
09.02.2026
SB2026020961: Arbitrary file upload in n8n merge node Medium
Patched
09.02.2026
SB2026020960: Remote code execution in n8n expression evaluation Medium
Patched
09.02.2026
SB2026020673: Path traversal in n8n High
Patched
06.02.2026
SB2026020672: Stored cross-site scripting in n8n Low
Patched
06.02.2026
SB2026020671: OS Command Injection in n8n Medium
Patched
06.02.2026
SB2026020670: Time-of-check Time-of-use (TOCTOU) Race Condition in n8n Medium
Patched
06.02.2026
SB2026011349: IP whitelist bypass in n8n Medium
Patched
13.01.2026