🚨 n8n 2.14.2 Image Blocked: 13 Critical/High CVEs Trigger Mandatory Security Review

A critical security gate has halted the promotion of the n8n 2.14.2 software image, flagging 13 vulnerabilities rated Critical or High. The automated pipeline has blocked deployment, mandating a manual security review before any release can proceed. This enforcement highlights a significant exposure risk in a widely used workflow automation tool, forcing developers to confront a dense cluster of unpatched flaws before pushing to a trusted environment.

The scan reveals two specific findings that require human intervention, both related to vulnerabilities older than 30 days. While no flaws are currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog and none score high on the Exploit Prediction Scoring System (EPSS), the sheer volume of high-severity issues presents a clear and immediate compliance and operational security hurdle. The promotion attempt, triggered on March 28, 2026, is now stalled in the 'trusted-promotion' environment gate, with the full vulnerability report linked for detailed analysis.

This incident underscores the growing pressure on DevOps and security teams to reconcile development velocity with robust vulnerability management. The requirement for manual review on aged CVEs, even without active known exploitation, signals a shift towards stricter, proactive security postures in CI/CD pipelines. For organizations relying on n8n, this gate failure serves as a direct warning: outdated container images carrying known high-risk flaws will no longer pass silently into production without explicit, accountable approval.