Overview · n8n-io/n8n · GitHub

Security

SECURITY.md

Reporting a Vulnerability

If you discover a (suspected) security vulnerability, please report it through our Vulnerability Disclosure Program.

Unauthenticated Expression Evaluation via Form Node
GHSA-75g8-rv7v-32f7 published Feb 25, 2026 by Jubke

High
LDAP Filter Injection in LDAP Node
GHSA-w83q-mcmx-mh42 published Mar 25, 2026 by Jubke

Moderate
Legacy ExecuteWorkflow Node Bypassed File Path Restrictions
GHSA-2vx9-7wpg-88jq published May 13, 2026 by Jubke

Moderate
In-Process Memory Disclosure in Task Runner
GHSA-xvh5-5qg4-x9qp published Mar 25, 2026 by Jubke

High
SSO Enforcement Bypass
GHSA-vjf3-2gpj-233v published Feb 25, 2026 by Jubke

Moderate
Sandbox Escape in JavaScript Task Runner
GHSA-jjpj-p2wh-qf23 published Feb 25, 2026 by Jubke

Critical
n8n Guardrail Node Bypass
GHSA-fvfv-ppw4-7h2w published Feb 25, 2026 by Jubke

Moderate
External Secrets Authorization Bypass in Credential Saving
GHSA-fxcw-h3qj-8m8p published Mar 25, 2026 by Jubke

High
XSS in Credential Management Flow
GHSA-364x-8g5j-x2pr published Mar 25, 2026 by Jubke

Moderate
XSS and Open Redirect in Form Node
GHSA-w673-8fjw-457c published Mar 25, 2026 by Jubke

Moderate

Learn more about advisories related to n8n-io/n8n in the GitHub Advisory Database