CNNVD-202601-2025 Information

CNNVD ID

CNNVD-202601-2025

CVE-2025-68949

  • CNNVD Published: 2026-01-13

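Description (translated from Chinese)

n8n is an extensible workflow automation tool open-sourced by n8n. n8n versions from 1.36.0 up to, but not including, 2.2.0 contain an access control error vulnerability. It stems from the Webhook node's IP whitelist validation performing partial string matching rather than exact IP comparison, and may lead to a security bypass.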

Description (English)

n8n is an extensible, open-source workflow automation tool from n8n. n8n versions 1.36.0 through those before 2.2.0 have an access control vulnerability: the IP whitelist check in the Webhook node performs partial string matching rather than an exact IP comparison, which may lead to a security bypass.

Hazard Level

High

Vulnerability Type

Access control error

Affected Vendor

n8n

Published

2026-01-13

Last Modified

2026-02-24

References

  • https://github.com/n8n-io/n8n/commit/11f8597d4ad69ea3b58941573997fdbc4de1fec5
  • https://github.com/n8n-io/n8n/pull/23399
  • https://github.com/n8n-io/n8n/security/advisories/GHSA-w96v-gf22-crwp
  • https://github.com/n8n-io/n8n/issues/23399
  • https://access.redhat.com/security/cve/cve-2025-68949

Patch

https://github.com/n8n-io/n8n/releases
