n8n released version 1.123.47 on May 25, 2026, addressing 16 security vulnerabilities across several dependencies including vm2, ws, protobufjs, and others. Additionally, urllib3 was upgraded to fix a security issue. This patch is critical for users who self-host n8n and rely on its security posture.
This patch focuses entirely on security. The team fixed 16 issues in vm2, ws, protobufjs, and four more packages. They also upgraded urllib3 from version 2.6.3 to 2.7.0 to address a separate security flaw. No new features or behavioral changes are included.
If you run n8n on your own infrastructure, these fixes close gaps that could allow remote code execution or data leaks. The vm2 sandbox escape has been a recurring concern in automation tools. Upgrading urllib3 also reduces the attack surface for network requests. It’s a no-brainer update — install it as soon as possible.
Official Source: https://github.com/n8n-io/n8n/releases/tag/n8n%401.123.47