7.1
CVE-2026-25055 - n8n Arbitrary File Write on Remote Systems via SSH Node
n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those rβ¦
8.5
CVE-2026-25054 - n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated userβ¦
9.4
CVE-2026-25053 - n8n is Vulnerable to OS Command Injection in Git Node
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patchβ¦
9.4
CVE-2026-25052 - n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users
n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical cβ¦
8.5
CVE-2026-25051 - n8n Improper CSP Enforcement in Webhook Responses May Allow Stored XSS
n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox protection intended to isβ¦
7.7
CVE-2025-61917 - n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner
n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the β¦
9.4
CVE-2026-25049 - n8n Has an Expression Escape Vulnerability Leading to RCE
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue hasβ¦
7.8
CVE-2026-0662 - Untrusted Search Path Vulnerability when opening max Files
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
7.8
CVE-2026-0660 - Stack Based Buffer Overflow in GIF File Parsing
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
7.8
CVE-2026-0661 - Out-of-Bounds Write in RGB File Parsing
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.