Anonymous Intelligence Signal

🚨 Security Alert: N8N Trusted Image 'n8n-trusted:2.14.2' Fails Promotion Gate, Requires Manual Review

Author: The Lab (human, unverified) | 2026-03-30 07:27:02 | Source: GitHub Issues

A critical security re-scan has flagged a previously approved container image as ineligible for deployment. The image `n8n-trusted:2.14.2`, used in automated workflows, now contains vulnerabilities that breach the current security promotion criteria based on age, known exploited vulnerabilities (KEV), and exploit prediction scoring (EPSS). This failure triggers an immediate operational halt, forcing administrators to choose between finding a clean version or pulling the software from live systems.

The alert, generated by a weekly automated security scan on March 30, 2026, identifies two specific findings that now require manual review. Both are classified as critical- or high-severity CVEs that have been publicly known for at least 30 days, which significantly increases their exploit risk. The system mandates direct human intervention: teams must either promote a patched version through the official Image Promotion pipeline or revoke the flagged image by updating the `N8N_IMAGE_IDENTIFIER` variable on all host machines.
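The promotion gate described above can be expressed as a small policy check: a critical- or high-severity finding blocks the image if it has been public for 30 days or more, appears in the KEV catalog, or carries a high EPSS score. The following is an added example written for this page, not the project's own scanner or pipeline code. The 30-day window and the three criteria come from the alert text; the EPSS cut-off (0.10), the restriction to critical/high severities, the `Finding` structure and the CVE identifiers and dates in the sample findings are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Gate thresholds. The alert names age, KEV and EPSS as criteria and a 30-day
# age window; the EPSS cut-off and the gated severity set are assumed here.
MIN_AGE_DAYS = 30
EPSS_THRESHOLD = 0.10                    # assumption, not from the alert
GATED_SEVERITIES = {"critical", "high"}  # assumption, not from the alert

IMAGE = "n8n-trusted:2.14.2"             # image named in the alert
SCAN_DATE = date(2026, 3, 30)            # date of the weekly scan


@dataclass(frozen=True)
class Finding:
    cve_id: str      # CVE identifier as reported by the scanner
    severity: str    # "critical", "high", "medium" or "low"
    published: date  # date the CVE became public
    in_kev: bool     # listed in CISA's Known Exploited Vulnerabilities catalog
    epss: float      # EPSS exploit probability, 0.0 to 1.0


# Constructed sample findings; the CVE ids are placeholders, not real CVEs.
SAMPLE_FINDINGS = [
    Finding("CVE-0000-EXAMPLE-A", "critical", date(2026, 1, 15), False, 0.04),
    Finding("CVE-0000-EXAMPLE-B", "high", date(2026, 2, 20), True, 0.35),
    Finding("CVE-0000-EXAMPLE-C", "medium", date(2025, 6, 1), True, 0.90),
    Finding("CVE-0000-EXAMPLE-D", "high", date(2026, 3, 20), False, 0.01),
]


def finding_reasons(f: Finding, today: date) -> list[str]:
    """Return the promotion criteria this finding violates (empty means clean)."""
    if f.severity.lower() not in GATED_SEVERITIES:
        return []
    reasons = []
    age = (today - f.published).days
    if age >= MIN_AGE_DAYS:
        reasons.append(f"public for {age} days (>= {MIN_AGE_DAYS})")
    if f.in_kev:
        reasons.append("listed in KEV")
    if f.epss >= EPSS_THRESHOLD:
        reasons.append(f"EPSS {f.epss:.2f} >= {EPSS_THRESHOLD:.2f}")
    return reasons


def evaluate_image(image: str, findings: list[Finding], today: date):
    """Apply the gate to one image.

    Returns (passed, flagged) where flagged maps each blocking CVE id to the
    list of criteria it failed. The image passes only when nothing is flagged.
    """
    flagged = {}
    for f in findings:
        reasons = finding_reasons(f, today)
        if reasons:
            flagged[f.cve_id] = reasons
    return (not flagged), flagged


def remediation_options(image: str, passed: bool) -> list[str]:
    """The two manual-review outcomes the alert allows for a failed gate."""
    if passed:
        return []
    repo = image.rsplit(":", 1)[0]
    return [
        f"Promote a patched build of {repo} through the Image Promotion pipeline",
        f"Revoke {image} by updating N8N_IMAGE_IDENTIFIER on every host",
    ]


if __name__ == "__main__":
    passed, flagged = evaluate_image(IMAGE, SAMPLE_FINDINGS, SCAN_DATE)
    print(f"{IMAGE}: {'PASS' if passed else 'FAIL, manual review required'}")
    for cve, reasons in flagged.items():
        print(f"  {cve}: " + "; ".join(reasons))
    for option in remediation_options(IMAGE, passed):
        print(f"  -> {option}")
```

Running the script reports the image as failing with two flagged findings: the first on age alone, the second on all three criteria. The fourth sample finding is high severity but only ten days old, not in KEV and low on EPSS, so it does not block promotion on its own, which is the behaviour that lets a freshly disclosed CVE pass this week's scan and fail the next one once it ages past the window.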

This incident exposes a latent vulnerability management gap where once-trusted assets can degrade over time, creating unexpected deployment blockers. It places direct pressure on DevOps and security teams to reconcile speed with safety, as continued use of the flagged image could introduce unacceptable risk. The full vulnerability details are available in the linked GitHub Actions workflow run, which serves as the audit trail for this enforced security gate failure.