Search criteria
Related vulnerabilities
GHSA-6H4J-WCR9-2VG7
Vulnerability from github – Published: 2026-05-14 16:18 – Updated: 2026-05-14 16:18
VLAI
Summary
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
Details
Impact
The OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control. Workflows relying on the affected credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of shared integrations.
This issue affects instances where credentials are shared with other users or across projects.
Patches
The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.21.1. Users should upgrade to one of these versions or later to remediate the vulnerability.
Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Restrict credential sharing to fully trusted users only. - Audit shared credentials for unexpected OAuth token changes and revoke any tokens that may have been replaced.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Severity
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.123.43"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "2.21.0"
},
{
"fixed": "2.21.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "n8n"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0-rc.0"
},
{
"fixed": "2.20.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45732"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-14T16:18:14Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Impact\nThe OAuth1 and OAuth2 credential reconnect endpoints authorized access using `credential:read` rather than `credential:update`. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control. Workflows relying on the affected credential would subsequently execute under the attacker\u0027s OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of shared integrations.\n\nThis issue affects instances where credentials are shared with other users or across projects.\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.21.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Restrict credential sharing to fully trusted users only.\n- Audit shared credentials for unexpected OAuth token changes and revoke any tokens that may have been replaced.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.\n\n---\nn8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.\n\nCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"id": "GHSA-6h4j-wcr9-2vg7",
"modified": "2026-05-14T16:18:15Z",
"published": "2026-05-14T16:18:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-6h4j-wcr9-2vg7"
},
{
"type": "PACKAGE",
"url": "https://github.com/n8n-io/n8n"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
"type": "CVSS_V4"
}
],
"summary": "n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints"
}
WID-SEC-W-2026-1519
Vulnerability from csaf_certbund - Published: 2026-05-12 22:00 - Updated: 2026-05-17 22:00Summary
n8n: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: n8n ist ein Workflow-Automatisierungstool, mit dem verschiedene Anwendungen und Dienste miteinander verbunden werden können, um Aufgaben zu automatisieren.
Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in n8n ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, SQL-Injection-Angriffe durchzuführen, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
n8n n8n <2.21.1
n8n / n8n
|
<2.21.1 | ||
|
n8n n8n <2.20.7
n8n / n8n
|
<2.20.7 | ||
|
n8n n8n <2.22.1
n8n / n8n
|
<2.22.1 | ||
|
n8n n8n <1.123.43
n8n / n8n
|
<1.123.43 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
n8n n8n <2.21.1
n8n / n8n
|
<2.21.1 | ||
|
n8n n8n <2.20.7
n8n / n8n
|
<2.20.7 | ||
|
n8n n8n <2.22.1
n8n / n8n
|
<2.22.1 | ||
|
n8n n8n <1.123.43
n8n / n8n
|
<1.123.43 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
n8n n8n <2.21.1
n8n / n8n
|
<2.21.1 | ||
|
n8n n8n <2.20.7
n8n / n8n
|
<2.20.7 | ||
|
n8n n8n <2.22.1
n8n / n8n
|
<2.22.1 | ||
|
n8n n8n <1.123.43
n8n / n8n
|
<1.123.43 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
n8n n8n <2.21.1
n8n / n8n
|
<2.21.1 | ||
|
n8n n8n <2.20.7
n8n / n8n
|
<2.20.7 | ||
|
n8n n8n <1.123.43
n8n / n8n
|
<1.123.43 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
n8n n8n <2.21.1
n8n / n8n
|
<2.21.1 | ||
|
n8n n8n <2.20.7
n8n / n8n
|
<2.20.7 | ||
|
n8n n8n <1.123.43
n8n / n8n
|
<1.123.43 |
Vulnerability 6
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
n8n n8n <2.20.0
n8n / n8n
|
<2.20.0 | ||
|
n8n n8n <1.123.43
n8n / n8n
|
<1.123.43 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "n8n ist ein Workflow-Automatisierungstool, mit dem verschiedene Anwendungen und Dienste miteinander verbunden werden k\u00f6nnen, um Aufgaben zu automatisieren.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in n8n ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, SQL-Injection-Angriffe durchzuf\u00fchren, Daten zu manipulieren oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1519 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1519.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1519 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1519"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3875-8gcx-7v46 vom 2026-05-12",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-3875-8gcx-7v46"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-57g9-58c2-xjg3 vom 2026-05-12",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-57g9-58c2-xjg3"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6h4j-wcr9-2vg7 vom 2026-05-12",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-6h4j-wcr9-2vg7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c8xv-5998-g76h vom 2026-05-12",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-c8xv-5998-g76h"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mhrx-qhrj-673w vom 2026-05-12",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mhrx-qhrj-673w"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-wrwr-h859-xh2r vom 2026-05-12",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-wrwr-h859-xh2r"
}
],
"source_lang": "en-US",
"title": "n8n: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-17T22:00:00.000+00:00",
"generator": {
"date": "2026-05-18T05:46:13.889+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1519",
"initial_release_date": "2026-05-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-17T22:00:00.000+00:00",
"number": "2",
"summary": "Erg\u00e4nzung Version 2.21.1; Anpassung Versionszuordnungen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.20.0",
"product": {
"name": "n8n n8n \u003c2.20.0",
"product_id": "T054013"
}
},
{
"category": "product_version",
"name": "2.20.0",
"product": {
"name": "n8n n8n 2.20.0",
"product_id": "T054013-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:n8n:n8n:2.20.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.123.43",
"product": {
"name": "n8n n8n \u003c1.123.43",
"product_id": "T054014"
}
},
{
"category": "product_version",
"name": "1.123.43",
"product": {
"name": "n8n n8n 1.123.43",
"product_id": "T054014-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:n8n:n8n:1.123.43"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.22.1",
"product": {
"name": "n8n n8n \u003c2.22.1",
"product_id": "T054015"
}
},
{
"category": "product_version",
"name": "2.22.1",
"product": {
"name": "n8n n8n 2.22.1",
"product_id": "T054015-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:n8n:n8n:2.22.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.20.7",
"product": {
"name": "n8n n8n \u003c2.20.7",
"product_id": "T054016"
}
},
{
"category": "product_version",
"name": "2.20.7",
"product": {
"name": "n8n n8n 2.20.7",
"product_id": "T054016-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:n8n:n8n:2.20.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.21.1",
"product": {
"name": "n8n n8n \u003c2.21.1",
"product_id": "T054228"
}
},
{
"category": "product_version",
"name": "2.21.1",
"product": {
"name": "n8n n8n 2.21.1",
"product_id": "T054228-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:n8n:n8n:2.21.1"
}
}
}
],
"category": "product_name",
"name": "n8n"
}
],
"category": "vendor",
"name": "n8n"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44789",
"product_status": {
"known_affected": [
"T054228",
"T054016",
"T054015",
"T054014"
]
},
"release_date": "2026-05-12T22:00:00.000+00:00",
"title": "CVE-2026-44789"
},
{
"cve": "CVE-2026-44790",
"product_status": {
"known_affected": [
"T054228",
"T054016",
"T054015",
"T054014"
]
},
"release_date": "2026-05-12T22:00:00.000+00:00",
"title": "CVE-2026-44790"
},
{
"cve": "CVE-2026-44791",
"product_status": {
"known_affected": [
"T054228",
"T054016",
"T054015",
"T054014"
]
},
"release_date": "2026-05-12T22:00:00.000+00:00",
"title": "CVE-2026-44791"
},
{
"cve": "CVE-2026-44792",
"product_status": {
"known_affected": [
"T054228",
"T054016",
"T054014"
]
},
"release_date": "2026-05-12T22:00:00.000+00:00",
"title": "CVE-2026-44792"
},
{
"cve": "CVE-2026-45732",
"product_status": {
"known_affected": [
"T054228",
"T054016",
"T054014"
]
},
"release_date": "2026-05-12T22:00:00.000+00:00",
"title": "CVE-2026-45732"
},
{
"product_status": {
"known_affected": [
"T054013",
"T054014"
]
},
"release_date": "2026-05-12T22:00:00.000+00:00"
}
]
}