PT-2026-23993 · Npm · N8N

Publicado

2026-02-26

·

Atualizado

2026-02-26

CVSS v3.1

3.7

Baixa

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact

An end user interacting with a workflow that uses the Guardrail node could craft an input that bypasses the default guardrail instructions.

Patches

The issue has been fixed in n8n version 2.10.0. Users should upgrade to this version or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
  • Limit access to trusted users.
  • Review asses the practical impact of guardrail bypasses in your usecase and adjust your workflow accordingly.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Correção

Protection Mechanism Failure

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-693CWE-20

Identificadores relacionados

GHSA-FVFV-PPW4-7H2W

Produtos afetados

N8N