Serial number: AV26-379
Date: April 22, 2026
On April 22, 2026, n8n published security advisories to address vulnerabilities, including some critical ones, in the following products:
- n8n (MCP Client Registration) – multiple versions
- n8n (dynamic-node-parameters) – multiple versions
- n8n (XML Node Prototype Pollution) – multiple versions
- n8n (XML Webhook) – multiple versions
- n8n (SQL Mode of Merge Node) – multiple versions
- n8n (MCP OAuth client) – multiple versions
- n8n (Python Task Runner) – multiple versions
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.
