CVE-2025-61917

Name of the Vulnerable Software and Affected Versions n8n versions 1.65.0 through 1.114.2

Description n8n is a workflow automation platform. The use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. This could result in information disclosure, as uninitialized buffers might contain residual data from the Node.js process, such as prior requests, tasks, secrets, or tokens.

Recommendations Update to version 1.114.3 or later.