CNNVD-202601-1480 Information

CNNVD ID

CNNVD-202601-1480

Related CVE

CVE-2026-21894

• CNNVD Published: 2026-01-08

Description (Chinese)

n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 0.150.0版本至2.2.2之前版本存在安全漏洞，该漏洞源于Stripe Trigger节点存在认证绕过，可能导致未经验证的方触发工作流。

Description (English)

n8n is an expanded workflow automation tool for n8n open source. There was a security loophole in the pre-versions of n8n 0.150.0 to 2.2.2, which stemmed from the presence of an authentication bypass at the Stripe Trigger node, which could result in an uncertified party triggering the workflow.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

n8n

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/n8n-io/n8n/commit/a61a5991093c41863506888336e808ac1eff8d59 https://github.com/n8n-io/n8n/pull/22764 https://github.com/n8n-io/n8n/security/advisories/GHSA-jf52-3f2h-h9j5 https://access.redhat.com/security/cve/cve-2026-21894

Patch

https://github.com/n8n-io/n8n/releases