n8n security advisories
2 threat alerts tracking vulnerabilities and security advisories that affect n8n products.
Vulnios monitors n8n CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent n8n security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-42233 — n8n — n8n
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the
critical CVE-2026-42233
Critical Vulnerability: CVE-2026-42235 — n8n — n8n
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name.
critical CVE-2026-42235