【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in n8n (CVE-2026-1470)
publish date :
2026-02-06
update date :
2026-02-06
Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026020208025252 | Publication Time | 2026/02/02 08:56 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/02/02 08:56 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】A Critical Security Vulnerability Has Been Identified in n8n (CVE-2026-1470) |
|||
| [Content] Forwarded from TWCERTCC-200-202601-00000030 n8n is an open-source workflow automation tool that connects multiple applications through a visual drag-and-drop interface, enabling the automation of repetitive tasks without the need for coding. Recently, a critical security advisory was released (CVE-2026-1470, CVSS: 9.9). This is a remote code execution vulnerability that allows authenticated attackers to execute arbitrary code with the privileges of the n8n process, which may result in unauthorized access to sensitive data, tampering with workflows, and execution of system-level operations. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
|
[Affected Platform] n8n versions 2.0.0 through earlier than 2.4.5 (exclusive) n8n versions 2.5.0 through earlier than 2.5.1 (exclusive) |
|||
|
[Recommended Actions] n8n version 1.123.17 or later n8n version 2.4.5 or later n8n version 2.5.1 or later. |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10693-2b4a1-1.html |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center