n8n Node.js 程序包 < 1.121.0 域允许列表绕过/凭据外泄 (CVE-2026-25631)

版本 1.2

Feb 17, 2026, 12:54 AM

CVSS metrics ("Cvssv4 threat score" set to 5.3)
CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U")
CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C")
CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C")
Exploit attributes ("Exploit available" set to "False")
Exploit attributes ("Exploitability ease" set to "No known exploits are available")