These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-54306 is a medium-severity vulnerability in n8n, an open-source workflow automation platform. A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes. Where a workflow combines a public webhook with a [truncated]
CVE-2026-54305 is a high-severity vulnerability in n8n's Dynamic Credentials feature. Prior to versions 1.123.55, 2.25.7, and 2.26.2, three EE endpoints accepted any authenticated n8n session without performing per-resource ownership or scope checks. This allowed an authenticated user to enumerate credential identifiers, names, and types referenced by any private workflow, initiate an OAuth authorization [truncated]
CVE-2026-54304 is a high-severity vulnerability in n8n, an open-source workflow automation platform. An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard API token to the [truncated]
CVE-2026-54301 is a high-severity vulnerability in n8n, an open-source workflow automation platform. An authenticated user with workflow edit access could serve binary content with an attacker-controlled Content-Type using a Respond to Webhook node. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript in the n8n origin when v [truncated]
CVE-2026-49444 is a high-severity vulnerability in the n8n workflow automation platform. An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerability is fixed in versions 1.123.48, 2.21.8, and 2.22.4. The vulnerability has a CVSS score of 7.1 and is considered [truncated]
CVE-2026-45732 is a high-severity vulnerability in n8n, an open-source workflow automation platform. The vulnerability affects OAuth1 and OAuth2 credential reconnect endpoints, allowing an authenticated user with read-only access to a shared credential to initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control. This [truncated]
CVE-2026-54314 is a vulnerability in the n8n workflow automation platform that allows for memory exhaustion via the Compression node's Decompress operation. Prior to version 2.24.0, an unauthenticated attacker could send a small compressed archive to a public webhook workflow using this node, causing the n8n process to terminate due to memory exhaustion and disrupting all workflows in the same instance. T [truncated]
CVE-2026-54313 is a medium-severity vulnerability in n8n, an open-source workflow automation platform. An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with attacker-controlled conten [truncated]
CVE-2026-54310 is a SQL injection vulnerability in n8n, an open-source workflow automation platform. Authenticated users with workflow creation or modification permissions could inject and execute arbitrary SQL against the connected database within the privileges of the configured database account. This issue affects n8n versions prior to 2.25.7 and 2.26.2. The vulnerability has been fixed in versions 2.2 [truncated]
The n8n workflow automation platform has a high-severity vulnerability, CVE-2026-54309, with a CVSS score of 8.8. The vulnerability exists in the @n8n/mcp-browser component when run in HTTP transport mode, allowing unauthenticated access to browser-control capabilities. This could enable an attacker to navigate, evaluate JavaScript, and access cookies and storage against the user's real browser profile. T [truncated]
CVE-2026-54303 is a reflected Cross-Site Scripting (XSS) vulnerability in the n8n workflow automation platform. An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without proper sanitization or Content-Security-Policy headers. This allows an attacker to inject malicious scripts when a logged-in user visits a crafted URL. The vulnerability has a CVSS [truncated]