Vulnerability-Lookup

CVE-2025-61917 (GCVE-0-2025-61917)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:46 – Updated: 2026-02-05 14:36

Title

n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Summary

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-668 - Exposure of Resource to Wrong Sphere
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

GitHub_M

References

URL

Tags

	https://github.com/n8n-io/n8n/security/advisories…	x_refsource_CONFIRM
	https://github.com/n8n-io/n8n/commit/2c4c29531997…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: >= 1.65.0, < 1.114.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61917",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:20:24.291895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:36:13.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.65.0, \u003c 1.114.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T16:46:42.633Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6"
        },
        {
          "name": "https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba"
        }
      ],
      "source": {
        "advisory": "GHSA-49mx-fj45-q3p6",
        "discovery": "UNKNOWN"
      },
      "title": "n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61917",
    "datePublished": "2026-02-04T16:46:42.633Z",
    "dateReserved": "2025-10-03T22:21:59.615Z",
    "dateUpdated": "2026-02-05T14:36:13.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-61917\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-04T17:16:08.820\",\"lastModified\":\"2026-02-05T14:57:34.297\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"references\":[{\"url\":\"https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61917\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-05T14:20:24.291895Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-05T14:20:24.961Z\"}}], \"cna\": {\"title\": \"n8n Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner\", \"source\": {\"advisory\": \"GHSA-49mx-fj45-q3p6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"n8n-io\", \"product\": \"n8n\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.65.0, \u003c 1.114.3\"}]}], \"references\": [{\"url\": \"https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6\", \"name\": \"https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba\", \"name\": \"https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-668\", \"description\": \"CWE-668: Exposure of Resource to Wrong Sphere\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-04T16:46:42.633Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-61917\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-05T14:36:13.084Z\", \"dateReserved\": \"2025-10-03T22:21:59.615Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-04T16:46:42.633Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2026-0318

Vulnerability from csaf_certbund - Published: 2026-02-04 23:00 - Updated: 2026-02-05 23:00

Summary

n8n: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

n8n ist ein Workflow-Automatisierungstool, mit dem verschiedene Anwendungen und Dienste miteinander verbunden werden können, um Aufgaben zu automatisieren.

Angriff

Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in n8n ausnutzen, um beliebigen Code auszuführen, sich erhöhte Berechtigungen zu verschaffen, Cross-Site-Scripting-Angriffe durchzuführen und vertrauliche Informationen offenzulegen. Über einige dieser Schwachstellen sind weitere Angriffe möglich, wie beispielsweise die Übernahme von Konten, das Hijacking von Sitzungen und die vollständige Kompromittierung des Systems.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "n8n ist ein Workflow-Automatisierungstool, mit dem verschiedene Anwendungen und Dienste miteinander verbunden werden k\u00f6nnen, um Aufgaben zu automatisieren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter oder anonymer  Angreifer kann mehrere Schwachstellen in n8n ausnutzen, um beliebigen Code auszuf\u00fchren, sich erh\u00f6hte Berechtigungen zu verschaffen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren und vertrauliche Informationen offenzulegen. \u00dcber einige dieser Schwachstellen sind weitere Angriffe m\u00f6glich, wie beispielsweise die \u00dcbernahme von Konten, das Hijacking von Sitzungen und die vollst\u00e4ndige Kompromittierung des Systems.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0318 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0318.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0318 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0318"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/advisories/GHSA-49mx-fj45-q3p6"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/advisories/GHSA-qpq4-pw7f-pp8w"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2026-25049 vom 2026-02-04",
        "url": "https://www.pillar.security/blog/n8n-sandbox-escape-critical-vulnerabilities-in-n8n-exposes-hundreds-of-thousands-of-enterprise-ai-systems-to-complete-takeover"
      }
    ],
    "source_lang": "en-US",
    "title": "n8n: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-05T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-05T14:24:22.187+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0318",
      "initial_release_date": "2026-02-04T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-04T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-02-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "doppelte Eintragung bereinigt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.4.8",
                "product": {
                  "name": "n8n n8n \u003c2.4.8",
                  "product_id": "T050537"
                }
              },
              {
                "category": "product_version",
                "name": "2.4.8",
                "product": {
                  "name": "n8n n8n 2.4.8",
                  "product_id": "T050537-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.4.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.120.3",
                "product": {
                  "name": "n8n n8n \u003c1.120.3",
                  "product_id": "T050538"
                }
              },
              {
                "category": "product_version",
                "name": "1.120.3",
                "product": {
                  "name": "n8n n8n 1.120.3",
                  "product_id": "T050538-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.120.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.5.0",
                "product": {
                  "name": "n8n n8n \u003c2.5.0",
                  "product_id": "T050539"
                }
              },
              {
                "category": "product_version",
                "name": "2.5.0",
                "product": {
                  "name": "n8n n8n 2.5.0",
                  "product_id": "T050539-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.5.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.10",
                "product": {
                  "name": "n8n n8n \u003c1.123.10",
                  "product_id": "T050540"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.10",
                "product": {
                  "name": "n8n n8n 1.123.10",
                  "product_id": "T050540-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.5.2",
                "product": {
                  "name": "n8n n8n \u003c2.5.2",
                  "product_id": "T050541"
                }
              },
              {
                "category": "product_version",
                "name": "2.5.2",
                "product": {
                  "name": "n8n n8n 2.5.2",
                  "product_id": "T050541-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.5.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.17",
                "product": {
                  "name": "n8n n8n \u003c1.123.17",
                  "product_id": "T050542"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.17",
                "product": {
                  "name": "n8n n8n 1.123.17",
                  "product_id": "T050542-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.17"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.114.3",
                "product": {
                  "name": "n8n n8n \u003c1.114.3",
                  "product_id": "T050543"
                }
              },
              {
                "category": "product_version",
                "name": "1.114.3",
                "product": {
                  "name": "n8n n8n 1.114.3",
                  "product_id": "T050543-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.114.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.4.0",
                "product": {
                  "name": "n8n n8n \u003c2.4.0",
                  "product_id": "T050544"
                }
              },
              {
                "category": "product_version",
                "name": "2.4.0",
                "product": {
                  "name": "n8n n8n 2.4.0",
                  "product_id": "T050544-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.4.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.118.0",
                "product": {
                  "name": "n8n n8n \u003c1.118.0",
                  "product_id": "T050545"
                }
              },
              {
                "category": "product_version",
                "name": "1.118.0",
                "product": {
                  "name": "n8n n8n 1.118.0",
                  "product_id": "T050545-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.118.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.12",
                "product": {
                  "name": "n8n n8n \u003c1.123.12",
                  "product_id": "T050546"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.12",
                "product": {
                  "name": "n8n n8n 1.123.12",
                  "product_id": "T050546-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.18",
                "product": {
                  "name": "n8n n8n \u003c1.123.18",
                  "product_id": "T050547"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.18",
                "product": {
                  "name": "n8n n8n 1.123.18",
                  "product_id": "T050547-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.18"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.2.1",
                "product": {
                  "name": "n8n n8n \u003c2.2.1",
                  "product_id": "T050548"
                }
              },
              {
                "category": "product_version",
                "name": "2.2.1",
                "product": {
                  "name": "n8n n8n 2.2.1",
                  "product_id": "T050548-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.9",
                "product": {
                  "name": "n8n n8n \u003c1.123.9",
                  "product_id": "T050549"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.9",
                "product": {
                  "name": "n8n n8n 1.123.9",
                  "product_id": "T050549-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.2",
                "product": {
                  "name": "n8n n8n \u003c1.123.2",
                  "product_id": "T050550"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.2",
                "product": {
                  "name": "n8n n8n 1.123.2",
                  "product_id": "T050550-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "n8n"
          }
        ],
        "category": "vendor",
        "name": "n8n"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61917",
      "product_status": {
        "known_affected": [
          "T050543"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-61917"
    },
    {
      "cve": "CVE-2026-25049",
      "product_status": {
        "known_affected": [
          "T050543",
          "T050542",
          "T050545",
          "T050544",
          "T050550",
          "T050541",
          "T050540",
          "T050539",
          "T050546",
          "T050538",
          "T050549",
          "T050537",
          "T050548"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25049"
    },
    {
      "cve": "CVE-2026-25051",
      "product_status": {
        "known_affected": [
          "T050538",
          "T050543",
          "T050545",
          "T050550"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25051"
    },
    {
      "cve": "CVE-2026-25052",
      "product_status": {
        "known_affected": [
          "T050543",
          "T050542",
          "T050545",
          "T050544",
          "T050550",
          "T050540",
          "T050539",
          "T050547",
          "T050546",
          "T050538",
          "T050549",
          "T050537",
          "T050548"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25052"
    },
    {
      "cve": "CVE-2026-25053",
      "product_status": {
        "known_affected": [
          "T050539",
          "T050538",
          "T050549",
          "T050537",
          "T050548",
          "T050543",
          "T050545",
          "T050544",
          "T050550",
          "T050540"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25053"
    },
    {
      "cve": "CVE-2026-25054",
      "product_status": {
        "known_affected": [
          "T050538",
          "T050549",
          "T050548",
          "T050543",
          "T050545",
          "T050550"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25054"
    },
    {
      "cve": "CVE-2026-25055",
      "product_status": {
        "known_affected": [
          "T050546",
          "T050538",
          "T050549",
          "T050548",
          "T050543",
          "T050545",
          "T050544",
          "T050550"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25055"
    },
    {
      "cve": "CVE-2026-25056",
      "product_status": {
        "known_affected": [
          "T050548",
          "T050543",
          "T050545",
          "T050544"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25056"
    },
    {
      "cve": "CVE-2026-25115",
      "product_status": {
        "known_affected": [
          "T050548",
          "T050537"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25115"
    },
    {
      "cve": "CVE-2026-21893",
      "product_status": {
        "known_affected": [
          "T050538",
          "T050543",
          "T050545"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-21893"
    }
  ]
}

GHSA-49MX-FJ45-Q3P6

Vulnerability from github – Published: 2026-02-04 17:48 – Updated: 2026-02-04 19:53

Summary

n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner

Details

Impact

The use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure.

Only authenticated users are able to execute code through Task Runners.

This issue affected any deployment in which both of the following conditions were met: - Task Runners were enabled using N8N_RUNNERS_ENABLED=true (default: false) - Code Node was enabled (default: true)

Patches

Access to unsafe Buffer functions has been removed from the task runner sandbox. All buffer allocations are now zero-filled by default.

Fixed in: 1.114.3 & 1.115.0
Action: It is strongly recommended to upgrade to version ≥ 1.114.3 as soon as possible.

Changes introduced in this patch include: - Routing all buffer allocations through Buffer.alloc (which zero-fills) operations where applicable
- Adding regression tests to ensure continued enforcement of safe allocation practices

Workarounds

If an immediate upgrade cannot be applied, the following hardening steps are recommended:

Disable the Code Node by adding n8n-nodes-base.code to the NODES_EXCLUDE environment variable
Prefer external mode for isolation: run Task Runners in external mode so that untrusted task code executes in a separate sidecar container rather than within the main n8n process. This configuration significantly reduces the risk of in-process memory disclosure caused by unsafe buffer allocations.
In external mode, a launcher manages Task Runner processes in a dedicated sidecar environment, separate from the primary n8n instance.
See the n8n documentation for configuration details and required environment variables.

Resources

Node.js documentation: Buffer.alloc() vs Buffer.allocUnsafe() — background on zero-filled vs uninitialized allocations
n8n Documentation — Task Runners — external mode, setup guide, and environment configuration details
n8n Documentation — Blocking nodes — how to globally disable specific nodes

Severity ?

7.7 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.65.0"
            },
            {
              "fixed": "1.114.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-61917"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-04T17:48:11Z",
    "nvd_published_at": "2026-02-04T17:16:08Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe use of `Buffer.allocUnsafe()` and `Buffer.allocUnsafeSlow()` in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure.  \n\nOnly authenticated users are able to execute code through Task Runners.\n\nThis issue affected any deployment in which both of the following conditions were met:\n- Task Runners were enabled using `N8N_RUNNERS_ENABLED=true` (default: false)\n- Code Node was enabled (default: true)\n\n\n### Patches\n\nAccess to unsafe Buffer functions has been removed from the task runner sandbox. All buffer allocations are now zero-filled by default.\n\n- **Fixed in:** 1.114.3 \u0026 1.115.0\n- **Action:** It is strongly recommended to upgrade to version \u2265 1.114.3 as soon as possible.\n\nChanges introduced in this patch include:\n- Routing all buffer allocations through `Buffer.alloc` (which zero-fills) operations where applicable  \n- Adding regression tests to ensure continued enforcement of safe allocation practices\n\n\n### Workarounds\n\nIf an immediate upgrade cannot be applied, the following hardening steps are recommended:\n\n- Disable the Code Node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable  \n- Prefer external mode for isolation: run Task Runners in external mode so that untrusted task code executes in a separate sidecar container rather than within the main n8n process. This configuration significantly reduces the risk of in-process memory disclosure caused by unsafe buffer allocations.  \n  In external mode, a launcher manages Task Runner processes in a dedicated sidecar environment, separate from the primary n8n instance.  \n  See the [n8n documentation](https://docs.n8n.io/hosting/configuration/task-runners/) for configuration details and required environment variables.\n\n\n### Resources\n\n- Node.js documentation: [`Buffer.alloc()`](https://nodejs.org/docs/latest-v22.x/api/buffer.html#static-method-bufferallocsize-fill-encoding) vs [`Buffer.allocUnsafe()`](https://nodejs.org/docs/latest-v22.x/api/buffer.html#static-method-bufferallocunsafesize) \u2014 background on zero-filled vs uninitialized allocations  \n- [n8n Documentation \u2014 Task Runners](https://docs.n8n.io/hosting/configuration/task-runners/) \u2014 external mode, setup guide, and environment configuration details\n- [n8n Documentation \u2014 Blocking nodes](https://docs.n8n.io/hosting/securing/blocking-nodes/) \u2014 how to globally disable specific nodes",
  "id": "GHSA-49mx-fj45-q3p6",
  "modified": "2026-02-04T19:53:00Z",
  "published": "2026-02-04T17:48:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61917"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "n8n\u0027s Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner"
}

FKIE_CVE-2025-61917

Vulnerability from fkie_nvd - Published: 2026-02-04 17:16 - Updated: 2026-02-05 14:57

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba
	security-advisories@github.com	https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the same Node.js process (for example, data from prior requests, tasks, secrets, or tokens), resulting in potential information disclosure. This issue has been patched in version 1.114.3."
    }
  ],
  "id": "CVE-2025-61917",
  "lastModified": "2026-02-05T14:57:34.297",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-04T17:16:08.820",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-61917 (GCVE-0-2025-61917)

WID-SEC-W-2026-0318

GHSA-49MX-FJ45-Q3P6

Impact

Patches

Workarounds

Resources

FKIE_CVE-2025-61917

Tags

Sightings

Nomenclature