Impact
A member-level user assigned editor role on a shared workflow can use specific public API endpoints to view credentials that belong to other users. Because the system only enforces credential ownership partially, this misconfiguration leads to cross‑user credential access. The exploit is available when workflow sharing is enabled and at least one workflow is shared with an editor. The attacker can exfiltrate authentication tokens and other sensitive data, thus compromising the confidentiality of user accounts. This is an improper restriction of resources (CWE‑863).
Affected Systems
The affected product is n8n, developed by n8n‑io. Versions prior to 1.123.55, 2.25.7, and 2.26.2 are vulnerable. The issue occurs when workflow sharing is enabled and at least one workflow is shared with a member‑level user as an Editor. All installations that meet these conditions are at risk until the recommended versions are applied.
Risk and Exploitability
The CVSS score of 8.5 classifies this as a high‑severity vulnerability. EPSS information is not available, so the exploitation probability cannot be precisely quantified; however the flaw can be reached via public API endpoints, meaning that an attacker only needs network access to the n8n instance. The vulnerability is not currently listed in CISA’s KEV catalog. Because any editor on a shared workflow can exploit the bypass, the potential impact is significant with relative ease of exploitation once the conditions are met.
OpenCVE Enrichment
Github GHSA