Important Security Patch 25/02/2026 (update to 2.9.3)
-
Edit: The latest version has been published and is available for updating in Cloudron.
Hello team, I received this notice from n8n regarding an incoming update happening tomorrow. It specifically mentions self-hosted instances and it sounds like it may be quite a bad vulnerability. I just wanted to call this out in case you need to or want to notify your customer base.
Upcoming security advisories. Action required: update to latest patch version. We are preparing to release patches and security advisories this Wednesday, 25th of February, around midday CET, to address recently discovered high-or critical-severity security vulnerabilities in n8n. We recommend that all self-hosted instances be patched to the latest patch version in their respective release branches as close to the planned release date as feasible. Once the patches are released, we will inform you again and share details of the applicable patch versions and links to the published advisories. The information shared here is based on our current knowledge, and we will update you as soon as possible if our guidance changes. Best regards, The n8n Security Team -
It's patched in 2.9.3. Quite a few vulnerabilities actually. SQL Injection, SSO bypass, Chat auth bypass etc.
https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw
-
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login