Vulnerability	Vulnerable Version
H Missing Authorization n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Missing Authorization over the `/rest/executions/:id/stop` endpoint, which can execute stop a workflow operation on workflows not owned by the user. Long-running and time-sensitive workflows are particularly vulnerable. How to fix Missing Authorization? Upgrade `n8n` to version 1.99.1 or higher.	<1.99.1
M Uncaught Exception n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Uncaught Exception via the `/rest/binary-data` endpoint when handling empty filesystem URIs. An authenticated attacker can cause resource exhaustion and disrupt service availability by sending specially crafted GET requests with empty `filesystem://` or `filesystem-v2://` URIs to the affected endpoint. How to fix Uncaught Exception? Upgrade `n8n` to version 1.99.0 or higher.	<1.99.0
M Cross-site Scripting (XSS) n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a lack of MIME type validation on uploaded binary files, which can be controlled through a GET parameter. This allows an authenticated attacker with member-level privileges to upload a crafted HTML file containing malicious code. If another authenticated user visits the binary data endpoint with the MIME type specified as `text/html`, the embedded script will execute within the user's browser session, potentially enabling account takeover, for instance, by initiating an unauthorized email address change. How to fix Cross-site Scripting (XSS)? Upgrade `n8n` to version 1.90.0 or higher.	<1.90.0

Go back to all versions of this package