We recently posted details of updates to n8n versions that addressed a number of identified high and critical vulnerabilities.
At the time, only one vulnerability was publicly available. We can now share links to the other advisories, which were published this week on Wednesday, 4th of February.
- CVE-2026-25115 - n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution · CVE-2026-1470 · GitHub Advisory Database · GitHub
- CVE-2026-2505 - n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS · CVE-2026-25051 · GitHub Advisory Database · GitHub
- CVE-2026-25052 - n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users · CVE-2026-25052 · GitHub Advisory Database · GitHub
- CVE-2026-25053 - n8n has OS Command Injection in Git Node · CVE-2026-25053 · GitHub Advisory Database · GitHub
- CVE-2026-25049 - n8n Has Expression Escape Vulnerability Leading to RCE · CVE-2026-25049 · GitHub Advisory Database · GitHub
- CVE-2026-25054 - n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI · CVE-2026-25054 · GitHub Advisory Database · GitHub
- CVE-2026-25055 - n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node · CVE-2026-25055 · GitHub Advisory Database · GitHub
- CVE-2026-25056 - n8n Merge Node has Arbitrary File Write leading to RCE · CVE-2026-25056 · GitHub Advisory Database · GitHub
As previously detailed, these vulnerabilities have already been fixed in n8n versions 1.123.18, 2.4.8 and 2.6.2.
- If you are running a 1.x version below 1.123.18, please upgrade to version 1.123.18 or later.
- If you are running a 2.x version below 2.4.8, please upgrade to version 2.4.8 or later.
- If you are running version 2.5.0-2.6.1, please upgrade to version 2.6.2 or later.
In all cases, please upgrade as soon as possible to protect your instance.
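The upgrade rules above, expressed as a check you can run over an inventory of instance versions. This is an added example, not n8n's own code; the function names, the result shape and the sample inventory are assumptions, and collecting each instance's version string is left to you.

```javascript
// Thresholds come from the upgrade guidance in this post.
const FIXED_1X = [1, 123, 18];
const FIXED_24 = [2, 4, 8];
const FIXED_26 = [2, 6, 2];

// Strict MAJOR.MINOR.PATCH only. Pre-release or build suffixes are rejected
// rather than guessed at, because the post does not say how they map.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  if (!m) throw new Error(`unrecognised version string: ${text}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { status, target }: status is 'upgrade', 'fixed' or 'not-covered'.
function checkN8nVersion(text) {
  const v = parseVersion(text);
  const upgrade = (target) => ({ status: 'upgrade', target });
  const fixed = { status: 'fixed', target: null };
  if (v[0] === 1) return compare(v, FIXED_1X) < 0 ? upgrade('1.123.18') : fixed;
  if (v[0] === 2) {
    if (compare(v, FIXED_24) < 0) return upgrade('2.4.8');
    if (compare(v, [2, 5, 0]) < 0) return fixed;   // 2.4.8 up to, not including, 2.5.0
    if (compare(v, FIXED_26) < 0) return upgrade('2.6.2'); // 2.5.0 to 2.6.1
    return fixed;
  }
  // Other major versions are not mentioned in the post.
  return { status: 'not-covered', target: null };
}

// Lists the instances that still need an upgrade, with the minimum target.
function triage(inventory) {
  return inventory
    .map(({ name, version }) => ({ name, version, ...checkN8nVersion(version) }))
    .filter((r) => r.status === 'upgrade');
}

// Constructed sample inventory (hostnames and versions are made up).
const sampleInventory = [
  { name: 'automation-prod', version: '1.120.4' },
  { name: 'automation-stage', version: '2.4.9' },
  { name: 'automation-dev', version: '2.6.0' },
];
console.log(triage(sampleInventory));
```

A version on the 2.4 line at or above 2.4.8 is reported as fixed even though it is numerically below 2.6.2, which is the case a plain "less than the newest fixed version" comparison gets wrong.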
The information shared here is based on current knowledge, and we will inform you of any updates or changes in advice as soon as possible.