Vulnerabilities in n8n-io

79 results
CVE-2025-52478 | HIGH | Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source | EPSS 0.3%
CVE-2026-54305 | HIGH | n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints | EPSS 0.3%
CVE-2026-42229 | MEDIUM | n8n: SQL Injection in SeaTable Node | EPSS 0.3%
CVE-2026-42235 | HIGH | n8n: XSS via MCP OAuth client | EPSS 0.3%
CVE-2026-44792 | HIGH | n8n: Source Control Pull SQL Injection | EPSS 0.3%
CVE-2026-42233 | MEDIUM | n8n: SQL Injection in Oracle Database Node via Limit Field | EPSS 0.3%
CVE-2026-33665 | HIGH | n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover | EPSS 0.3%
CVE-2026-54311 | MEDIUM | n8n: Merge Node SQL Mode Prototype Pollution | EPSS 0.3%
CVE-2026-54307 | HIGH | n8n: Credential Exfiltration via Permission Bypass | EPSS 0.3%
CVE-2026-45732 | HIGH | n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints | EPSS 0.3%
CVE-2026-25052 | CRITICAL | n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users | EPSS 0.3%
CVE-2026-54312 | HIGH | n8n: Microsoft SQL Node Prototype Pollution | EPSS 0.3%
CVE-2026-33724 | MEDIUM | n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no | EPSS 0.3%
CVE-2026-54308 | MEDIUM | n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node | EPSS 0.3%
CVE-2026-25631 | MEDIUM | Domain allowlist bypass enables credential exfiltration | EPSS 0.3%
CVE-2025-52554 | MEDIUM | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows | EPSS 0.3%
CVE-2026-27496 | HIGH | n8n has In-Process Memory Disclosure in its Task Runner | EPSS 0.3%
CVE-2026-54313 | MEDIUM | n8n: NoSQL Injection in MongoDB Node Find And Replace Operation | EPSS 0.3%
CVE-2026-33722 | HIGH | n8n Has External Secrets Authorization Bypass in Credential Saving | EPSS 0.3%
CVE-2026-42226 | HIGH | n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay | EPSS 0.3%