[UPDATE] [high] n8n: Multiple vulnerabilities
An attacker can exploit multiple vulnerabilities in n8n to gain elevated privileges, including administrator rights, execute arbitrary code, manipulate data, bypass security measures, disclose confidential information, or conduct cross-site and man-in-the-middle attacks.
CSIRTS triage
- What
- An attacker can exploit multiple vulnerabilities in n8n to gain elevated privileges, including administrator rights, execute arbitrary code, manipulate data, bypass security measures, disclose confidential information, or conduct cross-site and man-in-the-middle attacks.
- Who is affected
- Users of n8n in affected versions.
- Urgency
- Remediation is urgent due to the high severity and potential impact of the vulnerabilities.
- Action
- Update to the latest version of n8n.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch n8n
Get an email when a new n8n advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0877
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-563560.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2026-563590.14% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 4% of all scored CVEs.
- Low exploitation riskCVE-2026-274960.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 18% of all scored CVEs.
- Low exploitation riskCVE-2026-336600.95% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 57% of all scored CVEs.
- Low exploitation riskCVE-2026-336630.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-336650.32% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 24% of all scored CVEs.
- Low exploitation riskCVE-2026-336960.77% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 51% of all scored CVEs.
- Low exploitation riskCVE-2026-337200.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-337220.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
- Low exploitation riskCVE-2026-337240.29% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 21% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-56356 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-56359 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-27496 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-33660 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-33663 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-33665 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-33696 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-33720 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-33722 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-33724 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-33749 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-33751 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
Recent advisories for n8n
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownCVE-2026-58661: n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vul…nvd · 2026-07-10
- mediumCVE-2026-56354: n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site …nvd · 2026-07-10
- high[UPDATE] [high] n8n: Multiple vulnerabilitiescert-bund · 2026-07-10
- unknownCVE-2026-59209: n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an…nvd · 2026-07-09
- mediumCVE-2026-59208: n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2…nvd · 2026-07-09
- mediumCVE-2026-59207: n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents …nvd · 2026-07-09
More from CERT-Bund (BSI) Security Advisories
- medium[NEW] [medium] DENX U-Boot: Multiple vulnerabilities allow execution of arbitrary code and DoS2026-07-10
- medium[NEW] [medium] Samsung Android: Multiple vulnerabilities2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow unspecified attack2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10