CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.14)
In n8n before versions 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could enumerate credential identifiers, names, and types referenced by any private workflow in the instance, initiate an OAuth authorization flow against another user's credential to overwrite its stored tokens with tokens bound to an account they control, or revoke another user's stored credential tokens entirely.
In n8n before versions 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard API token to the outbound request, causing the credential to be sent to the attacker-controlled host bypassing credential configured limitations and exfiltrating.
In n8n before versions 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges.
In n8n before versions 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript in the n8n origin when visited by an authenticated user, with access to that user's session.
A vulnerability in yt-dlp prior to version 2026.06.09 allows an attacker to write arbitrary files by passing unsanitized input to the external tool aria2c when downloading HLS/DASH streams. On Windows systems this leads to immediate arbitrary code execution, while on other platforms code execution occurs on the next yt-dlp invocation.
In yt-dlp before version 2026.06.09, a vulnerability was discovered that allows a remote attacker to write malicious OS-shortcut files (such as .desktop, .url, .webloc) to the user's filesystem. The issue stems from an incorrect allowlist that includes unsafe file extensions, bypassing the fixes for CVE-2024-38519. This vulnerability is fixed in version 2026.06.09.
Vulnerability in yt-dlp from version 2023.09.24 to 2026.06.09 causes cookie leakage to an unintended host when using curl as an external downloader. The issue occurs during HTTP redirects or when the fragment host differs from the parent manifest host.
In n8n before versions 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8N_RESTRICT_FILE_ACCESS_TO file sandbox. This allowed the contents of any local git repository accessible to the n8n process to be cloned into an allowed path and read, circumventing the access restrictions that correctly blocked direct file reads to the same paths.
In n8n, an open source workflow automation platform, prior to versions 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.
In Langflow before version 1.10.0, the 'Shareable Playground' ('Public Flows') feature allowed public execution of flows. The execution request could contain a list of files read by Langflow and fed into the LLM, enabling arbitrary file reads from local or S3 paths depending on configuration.
Langflow before version 1.9.2 contains a critical RCE vulnerability in the 'Shareable Playground' feature. Unauthenticated users can execute arbitrary Python code by sending a crafted request to the /api/v1/build_public_tmp endpoint with the field data.nodes[X].data.node.template.code.value.
In n8n before versions 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control.
The addUser method in the XML-RPC API has a validation bypass introduced in the fix for CVE-2025-55129. API users could create usernames that enabled impersonation or stored XSS attacks.
CVE-2026-44960 involves a stored XSS that can be exploited by leveraging usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation.
A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low-privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery.
The vulnerability allows advertiser-level users to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions.
A missing access control check when invoking various modify methods in the XML-RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships.
Low-privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system-generated emails, whose content is stored in the details field of the userlog table.
n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name, potentially leading to SQL injection.
n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node, potentially leading to RCE on the n8n host.

