Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026020208025252 | Publication Time | 2026/02/02 08:56 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/02/02 08:56 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in n8n (CVE-2026-1470) |
|||
| [Content] Forwarded from TWCERTCC-200-202601-00000030 n8n is an open-source workflow automation tool that connects multiple applications through a visual drag-and-drop interface, enabling the automation of repetitive tasks without the need for coding. Recently, a critical security advisory was released (CVE-2026-1470, CVSS: 9.9). This is a remote code execution vulnerability that allows authenticated attackers to execute arbitrary code with the privileges of the n8n process, which may result in unauthorized access to sensitive data, tampering with workflows, and execution of system-level operations. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
|
[Affected Platform] n8n versions 2.0.0 through earlier than 2.4.5 (exclusive) n8n versions 2.5.0 through earlier than 2.5.1 (exclusive) |
|||
|
[Recommended Actions] n8n version 1.123.17 or later n8n version 2.4.5 or later n8n version 2.5.1 or later. |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10693-2b4a1-1.html |
|||