A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.

CVE Database V5

Detailed information about CVE-2026-3209: Improper Access Controls in fosrl Pangolin affecting fosrl Pangolin. Get real-time updates, technical details, and mit

CVE-2026-3209: Improper Access Controls in fosrl Pangolin - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-3209: Improper Access Controls in fosrl Pangolin

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact is either source code disclosure or remote code execution (RCE). Anyone hosting CGI scripts (particularly interpreted languages like PHP) using vulnerable versions of TinyWeb is impacted. The problem has been patched in version 2.01. If upgrading is not immediately possible, ensure `STRICT_CGI_PARAMS` is enabled (it is defined by default in `define.inc`) and/or do not use CGI executables that natively accept dangerous command-line flags (such as `php-cgi.exe`). If hosting PHP, consider placing the server behind a Web Application Firewall (WAF) that explicitly blocks URL query string parameters that begin with a hyphen (`-`) or contain encoded double quotes (`%22`).

Detailed information about CVE-2026-27613: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maximmasiutin T

CVE-2026-27613: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maximmasiutin TinyWeb - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27613: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maximmasiutin TinyWeb

CVE-2026-27578 is a high-severity cross-site scripting (XSS) vulnerability affecting the n8n open source workflow automation platform prior to versions 2. 10. 1, 2. 9. 3, and 1. 123. 22. Authenticated users with workflow creation or modification permissions can inject arbitrary scripts via multiple nodes, including Form Trigger, Chat Trigger, Send & Wait, Webhook, and Chat nodes. These scripts execute in the browsers of users viewing affected pages, enabling session hijacking and potential account takeover. The vulnerability requires authentication and some user interaction but can lead to significant confidentiality and integrity impacts.

CVE-2026-27578 is an improper neutralization of script-related HTML tags vulnerability (CWE-80, CWE-79) in the n8n workflow automation platform. It affects versions prior to 2.10.1, 2.9.3, and 1.123.22. The flaw allows an authenticated user with permissions to create or modify workflows to inject malicious JavaScript into pages rendered by the n8n web application. Injection points include multiple nodes such as Form Trigger, Chat Trigger, Send & Wait, Webhook, and Chat nodes. When other users visit these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, credential theft, and account takeover. The vulnerability arises from insufficient sanitization or encoding of user-supplied input that is reflected in the HTML output. Exploitation requires authenticated access and some user interaction (visiting the affected page). The CVSS 4.0 base score is 8.5 (high), reflecting network attack vector, low attack complexity, no privileges required beyond workflow editing, partial user interaction, and high impact on confidentiality and integrity. The vendor has released patches in versions 2.10.1 and 1.123.21 that properly neutralize script injection vectors. Until upgrading, administrators can limit workflow creation/editing to trusted users and disable the Webhook node via environment variable configuration, though these are partial mitigations only.

Detailed information about CVE-2026-27578: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in n8n-io n8n affecting n8n-io 

CVE-2026-27578: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in n8n-io n8n - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27578: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in n8n-io n8n

CVE-2026-27498 is a critical code injection vulnerability in the n8n workflow automation platform affecting versions prior to 2. 2. 0 and 1. 123. 8. An authenticated user with workflow creation or modification permissions can chain the Read/Write Files from Disk node with git operations to execute arbitrary shell commands on the host system. This occurs by writing to specific configuration files and triggering git commands, leading to remote code execution without requiring user interaction. The vulnerability has a CVSS 4. 0 score of 9. 0, reflecting high impact and ease of exploitation with low privileges.

CVE-2026-27498 is a critical vulnerability classified under CWE-94 (Improper Control of Generation of Code) affecting the n8n open source workflow automation platform. The flaw exists in versions prior to 2.2.0 and 1.123.8, where an authenticated user with permissions to create or modify workflows can exploit the Read/Write Files from Disk node in conjunction with git operations to achieve remote code execution on the host system. The attack vector involves writing malicious content to configuration files that are subsequently processed by git commands, enabling arbitrary shell command execution. This vulnerability does not require user interaction but does require authenticated access with specific permissions, which may be granted to trusted users or insiders. The issue stems from insufficient sanitization and control over code generation and execution within workflow nodes, allowing injection of shell commands. The vulnerability has been addressed in n8n versions 2.2.0 and 1.123.8 by improving input validation and restricting unsafe operations. Until upgrades can be applied, administrators are advised to limit workflow creation and editing permissions strictly to trusted users and disable the Read/Write Files from Disk node by excluding it via the NODES_EXCLUDE environment variable. However, these mitigations are partial and do not fully remove the risk of exploitation. The vulnerability has a CVSS 4.0 score of 9.0, indicating a critical severity with network attack vector, low attack complexity, and partial privileges required. No known exploits in the wild have been reported yet, but the potential impact is severe due to the ability to execute arbitrary code remotely on the host system.

Detailed information about CVE-2026-27498: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n affecting n8n-io n8n. Get real-time u

CVE-2026-27498: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27498: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

CVE-2026-27577 is a critical code injection vulnerability in the n8n workflow automation platform affecting versions prior to 2. 10. 1, 2. 9. 3, and 1. 123. 22. An authenticated user with workflow creation or modification permissions can exploit crafted expressions to execute arbitrary system commands on the host. This vulnerability arises from improper control of code generation during expression evaluation (CWE-94). No user interaction is required beyond authentication, and exploitation can lead to full system compromise.

CVE-2026-27577 is a critical vulnerability in the n8n open source workflow automation platform, identified as CWE-94: Improper Control of Generation of Code ('Code Injection'). The flaw exists in the expression evaluation mechanism used within workflow parameters, where an authenticated user with permissions to create or modify workflows can inject crafted expressions that lead to unintended execution of system commands on the host machine running n8n. This vulnerability affects multiple versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22. The root cause is insufficient sanitization and control over code generation during expression evaluation, allowing malicious payloads to be executed at the system level. Exploitation does not require user interaction beyond authentication and leverages legitimate workflow editing capabilities, making it a potent attack vector. The vulnerability was disclosed and patched promptly, with the vendor recommending immediate upgrades to the fixed versions. In environments where immediate patching is not feasible, administrators are advised to restrict workflow creation and editing permissions strictly to trusted users and deploy n8n in a hardened environment with minimal OS privileges and network restrictions to contain potential exploitation impact. The CVSS 4.0 base score of 9.4 reflects the vulnerability's critical severity, considering its network attack vector, low complexity, no required user interaction, and high impact on confidentiality, integrity, and availability.

Detailed information about CVE-2026-27577: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n affecting n8n-io n8n. Get real-time u

CVE-2026-27577: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27577: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function.

Detailed information about CVE-2024-48241: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-48241: n/a

CVE-2024-48241: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2026-3209: Improper Access Controls in fosrl Pangolin

CVE-2026-27613: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maximmasiutin TinyWeb

CVE-2026-27578: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in n8n-io n8n

CVE-2026-27498: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

CVE-2026-27577: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility