Impact
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard API token to the outbound request, causing the credential to be sent to the attacker-controlled host bypassing credential configured limitations and exfiltrating. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.1.
Affected Systems
The vulnerability affects installations of n8n running any version prior to the patched releases 1.123.55, 2.25.7, or 2.26.1. Any instance running a vulnerable version and employing the SecurityScorecard node is at risk.
Risk and Exploitability
The CVSS score of 7.1 reflects a moderate to high risk given the potential for credential compromise. EPSS data is not available, and the vulnerability is not yet listed in the CISA KEV catalog. Exploitation requires a user with workflow edit permissions and legitimate access to a SecurityScorecard credential, making it a privilege-based attack vector rather than remote unauthenticated exploitation. While the prerequisite access limits the attack surface, the impact of the token leak is significant because the credential can be used to reach external SecurityScorecard services.
OpenCVE Enrichment
Github GHSA