Check it out, n8n has updated! Security advisory: n8n versions 1.65 through 1.120.4 contain a security vulnerability

Source: https://blog.n8n.io/security-advisory-20260108/
Summary:
[Security advisory] The n8n workflow automation platform has patched a critical vulnerability; self-hosted users should upgrade as soon as possible
In November 2025 the n8n team was made aware of a critical security vulnerability in versions 1.65 through 1.120.4 and fixed it in version 1.121.0, released on November 18. The vulnerability mainly concerns self-hosted users; cloud-hosted instances have already received the security update automatically.
Vulnerability details
The vulnerability lies in a specific form-based workflow configuration. If a workflow contains both a Form Submission trigger that accepts a file element and a Form Ending node that returns a binary file, an attacker who can reach the form, including an unauthenticated caller, may exploit an input-validation flaw to read the server's file system, exposing sensitive information and, in certain deployment configurations, potentially leading to privilege escalation within the n8n instance.
Affected scope
- Self-hosted instances running versions 1.65 through 1.120.4
- 2.x releases (including RC/beta builds) are not affected
- Cloud-hosted instances have all been patched automatically
Recommended action
- If you run 1.65-1.120.4, upgrade to 1.121.0 or later immediately
- Use the official scanning workflow template to find potentially vulnerable workflow configurations
- Users on 2.x need take no action
Security response notes
The n8n team followed a responsible disclosure process, announcing the issue only after the patch was available, which gave users time to upgrade on their own schedule and reduced the risk of widespread attacks before a mitigation was in place. The platform maintains a proactive security posture through continuous monitoring, penetration testing and a vulnerability disclosure program; this disclosure reflects its commitment to transparency.
Users can follow security advisories on GitHub and find version details in the official release notes.
English source:
We were made aware in November of a critical security vulnerability affecting n8n versions 1.65-1.120.4. This has been fixed in n8n version 1.121.0 and released to our entire customer base on November 18, 2025. We're reaching out to ensure self-hosted users have the information needed to secure their instances.
What happened: The reported vulnerability affects certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker. This could potentially result in exposure of information stored on the system and may enable further compromise depending on deployment configuration and workflow usage.
An n8n instance is potentially vulnerable if it has an active workflow with a Form Submission trigger accepting a file element, and a Form Ending node returning a binary file. Due to improper input validation, such a workflow could, under specific limited conditions, theoretically be exploited to gain read access to the underlying file system. The vulnerable workflow could be exploited by an attacker who can access the form, including unauthenticated callers.
Potential impact
Who is affected:
- Self-hosted instances running versions 1.65-1.120.4
- If you're running any 2.x version (including any RC/beta), you already have this security fix
- Cloud instances have already been automatically upgraded and are secure
If this vulnerability were exploited, it could lead to:
- In certain configurations, privilege escalation within the n8n instance
- Unauthorized access to sensitive information stored in your n8n instance
Required action
If you're running version 1.65-1.120.4: Please update your n8n instance to version 1.121.0 (or later) as soon as possible. This version contains the necessary security fixes.
If you're running any 2.x version (including any RC/beta): No action needed - you already have this security fix.
FAQ
Is my n8n instance affected?
Your instance is affected if you're running version 1.65-1.120.4 with an active workflow that has both:
- A Form Submission trigger accepting a file element, AND
- A Form Ending node returning a binary file
If you're running version 1.121.0 or later, or any 2.x version, you are not affected.
If you're a Cloud customer, we'll upgrade and secure your instance in the next 12 hours. You can also start the upgrade from your Cloud dashboard.
You can run this workflow template to scan your instance for potentially vulnerable workflows.
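The two checks in the FAQ above (is the version in the affected range, and does an active workflow contain both a Form Submission trigger with a file field and a Form Ending node returning a binary file) can be scripted against a workflow export. The block below is an added example, not n8n's own scanning template and not code from the advisory. The node type names (`n8n-nodes-base.formTrigger`, `n8n-nodes-base.form`) and the parameter names (`formFields.values[].fieldType`, `operation`, `respondWith`, `inputDataFieldName`) are assumptions about the shape of n8n workflow JSON exports; verify them against an export from your own instance before trusting the result. The sample workflows are constructed for the demo run.

```python
import re

# Version boundaries stated in the advisory.
FIRST_AFFECTED = (1, 65, 0)
FIXED = (1, 121, 0)


def parse_version(version: str) -> tuple:
    """Reduce '1.120.4', 'v1.65' or '2.0.0-rc.1' to a comparable (major, minor, patch)."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def version_is_affected(version: str) -> bool:
    """True for 1.65 <= version < 1.121.0. Anything 2.x (RC/beta included) already carries the fix."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED


# ASSUMPTION: node type and parameter names follow n8n's workflow export format;
# they are not taken from the advisory. Check them against your own export.
FORM_TRIGGER_TYPE = "n8n-nodes-base.formTrigger"
FORM_NODE_TYPE = "n8n-nodes-base.form"


def has_file_upload_trigger(node: dict) -> bool:
    """Form Submission trigger with at least one field of type 'file'."""
    if node.get("type") != FORM_TRIGGER_TYPE:
        return False
    fields = node.get("parameters", {}).get("formFields", {}).get("values", [])
    return any(f.get("fieldType") == "file" for f in fields)


def is_binary_form_ending(node: dict) -> bool:
    """Form Ending (completion) node configured to return a binary file."""
    if node.get("type") != FORM_NODE_TYPE:
        return False
    p = node.get("parameters", {})
    return p.get("operation") == "completion" and p.get("respondWith") == "returnBinary"


def workflow_is_vulnerable(workflow: dict, active_only: bool = True) -> bool:
    """The advisory's condition: an active workflow containing BOTH node kinds.

    Disabled nodes are still counted on purpose: re-enabling one is a single
    click, so over-reporting is the safer default for a security scan.
    """
    if active_only and not workflow.get("active", False):
        return False
    nodes = workflow.get("nodes", [])
    return any(has_file_upload_trigger(n) for n in nodes) and any(is_binary_form_ending(n) for n in nodes)


def scan(version: str, workflows: list, active_only: bool = True) -> list:
    """Names of workflows that match the advisory's condition on this instance.

    Returns [] outright when the running version is already fixed, mirroring the FAQ.
    """
    if not version_is_affected(version):
        return []
    return [w.get("name", "<unnamed>") for w in workflows if workflow_is_vulnerable(w, active_only)]


# Constructed sample exports for the demo run; the shape mirrors an n8n workflow
# JSON export, but these are not real workflows from any instance.
_UPLOAD_NODES = [
    {"name": "On form submission", "type": FORM_TRIGGER_TYPE,
     "parameters": {"formFields": {"values": [{"fieldLabel": "Invoice", "fieldType": "file"}]}}},
    {"name": "Form Ending", "type": FORM_NODE_TYPE,
     "parameters": {"operation": "completion", "respondWith": "returnBinary",
                    "inputDataFieldName": "data"}},
]
SAMPLE_WORKFLOWS = [
    {"name": "Upload and return receipt", "active": True, "nodes": _UPLOAD_NODES},
    {"name": "Contact form", "active": True, "nodes": [
        {"name": "On form submission", "type": FORM_TRIGGER_TYPE,
         "parameters": {"formFields": {"values": [{"fieldLabel": "Email", "fieldType": "email"}]}}},
        {"name": "Form Ending", "type": FORM_NODE_TYPE,
         "parameters": {"operation": "completion", "respondWith": "text"}},
    ]},
    {"name": "Old upload flow (inactive)", "active": False, "nodes": _UPLOAD_NODES},
]

if __name__ == "__main__":
    for v in ("1.64.9", "1.65.0", "1.120.4", "1.121.0", "2.0.0-rc.1"):
        print(f"{v:>10}: {'AFFECTED' if version_is_affected(v) else 'not affected'}")
    print("workflows to fix on 1.120.4:", scan("1.120.4", SAMPLE_WORKFLOWS))
    print("including inactive ones:", scan("1.120.4", SAMPLE_WORKFLOWS, active_only=False))
```

To run it against a real instance, replace `SAMPLE_WORKFLOWS` with the parsed JSON of your workflow export (for example each workflow downloaded from the editor, or the list returned by the instance's REST API) and pass the version reported by your deployment. Treat `active_only=False` as the conservative setting when triaging: an inactive workflow that matches is not exploitable today, but it becomes exploitable the moment someone activates it on an unpatched version, so upgrading remains the only real fix.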
How can I keep track of n8n releases?
Access our release notes here - each one also links to the GitHub commits for detailed information.
How can I keep track of n8n CVEs?
We disclose our CVEs on GitHub.
How is n8n addressing security?
We take an active stance on security through our Vulnerability Disclosure Program. We prioritize responding to reports and to issues we find ourselves, and we're committed to transparent disclosure.
Since this issue was patched on November 18, why was it not communicated until now?
We wanted to ensure the patches had been released and offer our customers the opportunity to update on their own timing. We also wanted to reduce the risk of widespread attacks that would likely have occurred if we didn't have a mitigation in place. Responsible disclosure is something we take seriously, and this allowed us to be more proactive than reactive as we also respond to various other bug reports we've received since starting our Vulnerability Disclosure Program.
We appreciate your prompt attention to this security update. n8n maintains proactive security standards through continuous monitoring, regular penetration testing, and a responsible disclosure program. This disclosure is part of our commitment to transparency.
Article link: https://qimuai.cn/?post=2788
All articles on this site are original; please do not use them for any commercial purpose without authorization.