[UPDATE] [high] n8n: Multiple vulnerabilities
An attacker can exploit multiple vulnerabilities in n8n to execute arbitrary code, bypass security measures, manipulate data, perform an SQL injection attack, and conduct a cross-site scripting attack.
CSIRTS triage
- What
- Multiple vulnerabilities allow an attacker to execute arbitrary code, bypass security measures, manipulate data, and perform SQL injection and cross-site scripting attacks.
- Who is affected
- Deployments of n8n are affected.
- Urgency
- Remediation is high urgency due to the severity of the vulnerabilities and potential for exploitation.
- Action
- Update to the latest version of n8n to address these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch n8n
Get an email when a new n8n advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0532
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-563500.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
- Low exploitation riskCVE-2026-563600.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Moderate exploitation riskCVE-2026-274931.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 61% of all scored CVEs.
- Low exploitation riskCVE-2026-274940.35% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
- Low exploitation riskCVE-2026-274950.60% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 44% of all scored CVEs.
- Low exploitation riskCVE-2026-274970.77% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 51% of all scored CVEs.
- Low exploitation riskCVE-2026-274980.72% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 49% of all scored CVEs.
- Elevated exploitation riskCVE-2026-2757710.2% 30-day exploitation probability — well above the norm. Schedule remediation this cycle. Riskier than 95% of all scored CVEs.
- Low exploitation riskCVE-2026-275780.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-563570.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-56350 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-56360 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-27493 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-27494 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-27495 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-27497 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-27498 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-27577 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-27578 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-56357 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
Recent advisories for n8n
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownCVE-2026-58661: n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vul…nvd · 2026-07-10
- mediumCVE-2026-56354: n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site …nvd · 2026-07-10
- high[UPDATE] [high] n8n: Multiple vulnerabilitiescert-bund · 2026-07-10
- unknownCVE-2026-59209: n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an…nvd · 2026-07-09
- mediumCVE-2026-59208: n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2…nvd · 2026-07-09
- mediumCVE-2026-59207: n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents …nvd · 2026-07-09
More from CERT-Bund (BSI) Security Advisories
- medium[NEW] [medium] DENX U-Boot: Multiple vulnerabilities allow execution of arbitrary code and DoS2026-07-10
- medium[NEW] [medium] Samsung Android: Multiple vulnerabilities2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow unspecified attack2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10