6.3
n8n Workflow Guardrail Can Be Bypassed by Malicious Users
GHSA-fvfv-ppw4-7h2w
Summary
A malicious user interacting with a workflow that uses n8n's Guardrail node can craft input that bypasses the node's default guardrail instructions, defeating the security checks the node is meant to enforce. This is a risk if your workflow uses the Guardrail node and is accessible to untrusted users. To fix this issue, update to n8n version 2.10.0 or later. If that's not possible, limit access to trusted users and adjust your workflow to minimize potential harm.
What to do
- Update GitHub Actions n8n to version 2.10.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| GitHub Actions | n8n | <= 2.10.0 | 2.10.0 |
Original title
n8n has a Guardrail Node Bypass
Original description
## Impact
An end user interacting with a workflow that uses the Guardrail node could craft an input that bypasses the default guardrail instructions.
## Patches
The issue has been fixed in n8n version 2.10.0. Users should upgrade to this version or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit access to trusted users.
- Review and assess the practical impact of guardrail bypasses in your use case and adjust your workflow accordingly.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
ghsa CVSS3.1
3.7
ghsa CVSS4.0
6.3
Vulnerability type
CWE-20
Improper Input Validation
CWE-693
Protection Mechanism Failure
Published: 26 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026