[UPDATE] [high] n8n: Multiple vulnerabilities
An attacker can exploit multiple vulnerabilities in n8n to execute arbitrary code, bypass security measures, perform SQL injection and cross-site scripting attacks, manipulate data, cause a Denial of Service condition, or disclose sensitive information, which may allow further attacks including privilege escalation.
CSIRTS triage
- What
- An attacker can exploit multiple vulnerabilities in n8n to execute arbitrary code, bypass security measures, perform SQL injection and cross-site scripting attacks, manipulate data, cause a Denial of Service condition, or disclose sensitive information.
- Who is affected
- Remote attackers exploiting vulnerabilities in n8n.
- Urgency
- Remediation is urgent due to the high severity and potential for significant impact.
- Action
- Update to the latest version of n8n to mitigate these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch n8n
Get an email when a new n8n advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1875
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-543030.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2026-567770.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2026-567780.17% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2026-567760.16% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 6% of all scored CVEs.
- Low exploitation riskCVE-2026-567750.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2026-543010.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 12% of all scored CVEs.
- Low exploitation riskCVE-2026-543020.21% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 11% of all scored CVEs.
- Low exploitation riskCVE-2026-543040.35% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
- Low exploitation riskCVE-2026-543050.34% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 26% of all scored CVEs.
- Low exploitation riskCVE-2026-543060.26% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 17% of all scored CVEs.
Referenced CVEs
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- mediumCVE-2026-56778: n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API …nvd
- highCVE-2026-56776: n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflow…nvd
- mediumCVE-2026-56775: n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutat…nvd
- mediumCVE-2026-56777: n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security val…nvd
- unknownNCSC-2026-0212 [1.00] [M/H] Vulnerabilities fixed in n8n workflow automation platformncsc-nl
- highGHSA-pmqw-72cg-wx85: n8n: Credential Exfiltration via Permission Bypassghsa
Recent advisories for n8n
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownCVE-2026-58661: n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vul…nvd · 2026-07-10
- mediumCVE-2026-56354: n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site …nvd · 2026-07-10
- high[UPDATE] [high] n8n: Multiple vulnerabilitiescert-bund · 2026-07-10
- unknownCVE-2026-59209: n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an…nvd · 2026-07-09
- mediumCVE-2026-59208: n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2…nvd · 2026-07-09
- mediumCVE-2026-59207: n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents …nvd · 2026-07-09
More from CERT-Bund (BSI) Security Advisories
- medium[NEW] [medium] DENX U-Boot: Multiple vulnerabilities allow execution of arbitrary code and DoS2026-07-10
- medium[NEW] [medium] Samsung Android: Multiple vulnerabilities2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow unspecified attack2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10