fresh — released < 7 days ago · 0 open bugs, 0 Regressions
Zeitnah aktualisieren
Derived automatically from release, repo and CVE data — no judgment by a language model.
n8n 2.26.2 is a maintenance release without critical changes. The only addition is telemetry for instance settings via environment variables. No breaking changes, migrations, or security updates are included. The update can be applied routinely without requiring adjustments to existing workflows.
A vulnerability in n8n workflow software allows authenticated users with editing permissions to inject malicious JavaScript code into Chat Trigger pages, which then executes in other users' sessions.
A security vulnerability in the n8n workflow automation software allows cross-site scripting attacks when logged-in users visit specially crafted URLs, enabling attackers to execute malicious code in the user's browser.
A vulnerability in n8n allows authenticated users to cause global prototype pollution through the Microsoft SQL node, rendering the entire n8n server non-functional until restart.
A vulnerability in the n8n workflow software allows authenticated users to access other users' workflow data through the Merge node's SQL mode, because the sandbox context is shared and reused across different workflow executions.
A vulnerability in the n8n workflow software allows attackers to inject malicious data through public webhooks into workflows, potentially causing downstream actions to execute with incorrect data or credentials.
A security vulnerability in the n8n workflow software allows authenticated users to inject malicious JavaScript code into other users' browsers through webhook nodes, potentially stealing their session data.
A vulnerability in n8n workflow software allows attackers to send fake data to certain webhook nodes and execute workflows with manipulated content without requiring authentication.
A vulnerability in the n8n workflow automation software allows users with only read permissions to execute workflows despite lacking execution permissions. This can result in unintended API calls and data modifications in connected systems.
A security vulnerability in the n8n workflow software allows authenticated users with editing permissions to inject malicious filter queries through the MongoDB node, potentially overwriting unintended database documents with attacker-controlled content.
A vulnerability in the n8n workflow software allows authenticated users to inject malicious SQL commands through TimescaleDB and Postgres nodes and execute them on the connected database.
A vulnerability in the n8n workflow software allows authenticated users to send SecurityScorecard API tokens to attacker-controlled servers, potentially exposing sensitive credentials to unauthorized parties.
A security flaw in n8n's browser control component allows unauthenticated attackers to control browser functions when HTTP transport is used. This enables strangers to access cookies, website data, and execute JavaScript in the user's browser.
A security flaw in n8n Enterprise software allows authenticated users to access and hijack other users' credentials, potentially leading to data theft or workflow disruption.
In the n8n workflow automation software, users with editor access to shared workflows can access credentials they don't own through specific API endpoints due to incomplete ownership verification checks.
A vulnerability in n8n allows users with limited read permissions to start, cancel, and delete workflow test runs even though they should only have read access.
A vulnerability in n8n's Compression node allows attackers to cause memory exhaustion and crash all workflows by sending small compressed archives to public webhooks, as the decompression operation lacks size limits.
A vulnerability in the n8n workflow automation software allows authenticated users to inject malicious scripts into web pages that then execute in other users' browsers, potentially enabling account takeovers.
A vulnerability in the n8n workflow software allows authenticated users with workflow permissions to execute system commands on the server through crafted expressions.
A security vulnerability in the n8n workflow software allows authenticated users with workflow permissions to execute arbitrary code and write files on the server through the Merge node.
A security vulnerability in the n8n workflow software allows SQL injection attacks through crafted table or column names in MySQL, PostgreSQL, and Microsoft SQL database nodes, enabling attackers to execute arbitrary SQL commands.
A vulnerability in the n8n workflow automation software allows attackers to redirect users to external websites through malicious OAuth links when users deny permission requests.
A security vulnerability in the n8n workflow software allows authenticated users to inject malicious JavaScript code through the Custom CSS field, leading to stored cross-site scripting attacks on public chat pages.
A vulnerability in n8n allows authenticated users with workflow permissions to inject malicious scripts into Form Trigger nodes, which then execute for every visitor of published forms, enabling phishing attacks and form hijacking.
A security vulnerability in the n8n workflow software allows authenticated users who can create Python Code nodes to escape the sandbox and execute arbitrary code on the server.
A critical security vulnerability in the n8n workflow software allows authenticated users to execute malicious code on the server through the GSuiteAdmin node by using specially crafted parameters.
A vulnerability in the n8n workflow software allows authenticated users to create malicious HTML content that executes in other users' browsers, potentially granting access to workflows, credentials, or administrator privileges.
A vulnerability in n8n's Oracle Database node allows SQL injection attacks through the Limit field when external user input is processed without validation, enabling attackers to steal data from the connected Oracle database.
A vulnerability in the n8n workflow automation software allows authenticated users with limited privileges to steal HTTP credentials from other users and access their passwords in plaintext.
A vulnerability in n8n workflow software allows authenticated users to read variables from projects they shouldn't have access to by manipulating the project ID in API requests.
A security vulnerability in n8n workflow software allows SQL injection attacks through Snowflake and MySQL v1 nodes when user input is unsafely incorporated into database queries. Attackers could steal, modify, or delete data from connected databases.
A vulnerability in the n8n workflow automation software allows attackers to send large amounts of data to an OAuth registration endpoint without authentication, exhausting server memory and causing the application to become unavailable.
A SQL injection vulnerability in n8n's SeaTable node allows attackers to gain unauthorized access to database rows and bypass security filters by manipulating user input passed through workflow expressions.
A vulnerability in the n8n workflow software allows authenticated users to access and read local files outside configured security restrictions through Git operations.
A vulnerability in the n8n workflow automation software allows authenticated users to steal other users' API keys by tricking the system into sending foreign credentials to attacker-controlled servers.
A vulnerability in n8n workflow software allows attackers to hijack chat connections without authorization and intercept or manipulate messages when certain conditions are met.
A vulnerability in the n8n workflow automation software allows attackers to inject malicious JavaScript code through OAuth client names, which executes when notifications are displayed and can steal credentials or manipulate workflows.
A security vulnerability in the n8n workflow software allows authenticated users who can create Python Code nodes to escape the sandbox and execute arbitrary code on the server.
A vulnerability in the n8n workflow automation software allowed authenticated users to bypass security restrictions and send HTTP requests with credentials to unauthorized servers.
A vulnerability in n8n's XML processing allows authenticated users to manipulate JavaScript object structures through crafted XML data and thereby execute arbitrary code on the server.
A vulnerability in the n8n workflow software allows authenticated users to read local files and execute malicious code through the Merge node due to insufficient restrictions on SQL statements.
A vulnerability in the n8n workflow software allows authenticated users to execute malicious code by manipulating JavaScript prototypes through the XML node component.
A vulnerability in the n8n workflow software allows authenticated users to read arbitrary files from the server and potentially achieve full system compromise through the Git functionality.
A vulnerability in the n8n workflow software allows authenticated users to execute malicious code and compromise the entire system through an unvalidated parameter in the HTTP Request node.
A security flaw in n8n allows users with read-only access to shared OAuth credentials to replace them with their own tokens, enabling them to control workflows and potentially steal data.
A vulnerability in n8n workflow software allows SQL injection attacks when an attacker plants malicious files in a connected Git repository and an administrator imports them through the Source Control feature.
A security vulnerability in the n8n workflow software allows authenticated users with workflow permissions to bypass a previous security fix in the XML node and execute malicious code on the server.