Security Advisory: Security Vulnerability in n8n Versions 1.65-1.120.4
Blog post from n8n
In November, a critical security vulnerability was identified in n8n versions 1.65-1.120.4. It could allow unauthenticated remote attackers to access sensitive information through certain form-based workflows, leading to potential system compromise. The vulnerability was addressed in version 1.121.0, released on November 18, 2025. Users running self-hosted instances are advised to update to this version or later to secure their systems; cloud instances are upgraded automatically. The vulnerability involved active workflows that combine a Form Submission trigger accepting a file element with a Form Ending node returning a binary file, which could be exploited because of improper input validation. n8n emphasizes its commitment to security through a robust Vulnerability Disclosure Program and encourages users to monitor releases via GitHub for additional details. The company delayed communication of the patch to ensure users could update at their own pace and to mitigate the risk of widespread attacks.
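A check for the conditions above, as an added example that is not n8n's own code: it tests a version string against the affected range and flags active workflows in an export that pair a file-accepting Form Submission trigger with a binary-returning Form Ending node. The node type names and parameter keys (`n8n-nodes-base.formTrigger`, `n8n-nodes-base.form`, `formFields.values[].fieldType`, `operation`, `respondWith`) are assumptions about the workflow export format, and the sample workflows are constructed.

```javascript
// Added example. Node type names and parameter keys are ASSUMPTIONS about the
// workflow export format; check them against an export from your own instance.
const FORM_TRIGGER = "n8n-nodes-base.formTrigger";
const FORM_NODE = "n8n-nodes-base.form";

// Affected range from the advisory: 1.65 through 1.120.4 (fixed in 1.121.0).
function isAffectedVersion(version) {
  const parts = String(version).trim().split(".").map(Number);
  if (parts.length < 2 || parts.some((n) => !Number.isInteger(n))) {
    throw new Error(`unparseable version: ${version}`);
  }
  const [major, minor, patch = 0] = parts;
  if (major !== 1 || minor < 65) return false;
  return minor < 120 || (minor === 120 && patch <= 4);
}

// Form Submission trigger with at least one file element.
function acceptsFileUpload(node) {
  const fields = node.parameters?.formFields?.values ?? [];
  return node.type === FORM_TRIGGER && fields.some((f) => f.fieldType === "file");
}

// Form Ending node configured to return a binary file.
function returnsBinaryFile(node) {
  const p = node.parameters ?? {};
  return node.type === FORM_NODE && p.operation === "completion" && p.respondWith === "returnBinary";
}

// Report active workflows that combine both conditions named in the advisory.
function auditWorkflows(workflows, version) {
  const matching = workflows.filter((wf) => {
    const nodes = wf.nodes ?? [];
    return wf.active === true && nodes.some(acceptsFileUpload) && nodes.some(returnsBinaryFile);
  });
  return { versionAffected: isAffectedVersion(version), matchingWorkflows: matching.map((wf) => wf.name) };
}

// Constructed sample export (not real data).
const trigger = { type: FORM_TRIGGER, parameters: { formFields: { values: [{ fieldLabel: "CV", fieldType: "file" }] } } };
const binaryEnd = { type: FORM_NODE, parameters: { operation: "completion", respondWith: "returnBinary" } };
const textEnd = { type: FORM_NODE, parameters: { operation: "completion", respondWith: "text" } };
const sampleWorkflows = [
  { name: "job-application", active: true, nodes: [trigger, binaryEnd] },
  { name: "old-draft", active: false, nodes: [trigger, binaryEnd] },
  { name: "contact-form", active: true, nodes: [trigger, textEnd] },
];

console.log(auditWorkflows(sampleWorkflows, "1.119.2"));
```

Workflows are listed even when the version is outside the affected range, so the same output can be used to decide which forms to review after updating.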