Description
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances where workflow sharing is enabled and at least one workflow has been shared with a member-level user as an Editor. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2.
Published: 2026-06-23
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A member-level user assigned editor role on a shared workflow can use specific public API endpoints to view credentials that belong to other users. Because the system only enforces credential ownership partially, this misconfiguration leads to cross‑user credential access. The exploit is available when workflow sharing is enabled and at least one workflow is shared with an editor. The attacker can exfiltrate authentication tokens and other sensitive data, thus compromising the confidentiality of user accounts. This is an improper restriction of resources (CWE‑863).

Affected Systems

The affected product is n8n, developed by n8n‑io. Versions prior to 1.123.55, 2.25.7, and 2.26.2 are vulnerable. The issue occurs when workflow sharing is enabled and at least one workflow is shared with a member‑level user as an Editor. All installations that meet these conditions are at risk until the recommended versions are applied.

Risk and Exploitability

The CVSS score of 8.5 classifies this as a high‑severity vulnerability. EPSS information is not available, so the exploitation probability cannot be precisely quantified; however the flaw can be reached via public API endpoints, meaning that an attacker only needs network access to the n8n instance. The vulnerability is not currently listed in CISA’s KEV catalog. Because any editor on a shared workflow can exploit the bypass, the potential impact is significant with relative ease of exploitation once the conditions are met.

Generated by OpenCVE AI on June 24, 2026 at 11:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 1.123.55 or newer, 2.25.7 or newer, or 2.26.2 or newer depending on your installation.
  • Until the upgrade can be performed, restrict or disable workflow sharing for users with Editor role to prevent the bypass.
  • Audit existing shared workflows and remove editor permissions for users who do not require access to credential references.

Generated by OpenCVE AI on June 24, 2026 at 11:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-pmqw-72cg-wx85 n8n: Credential Exfiltration via Permission Bypass
History

Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances where workflow sharing is enabled and at least one workflow has been shared with a member-level user as an Editor. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2.
Title n8n: Credential Exfiltration via Permission Bypass
Weaknesses CWE-863
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T17:03:12.592Z

Reserved: 2026-06-12T18:42:02.222Z

Link: CVE-2026-54307

cve-icon Vulnrichment

Updated: 2026-06-23T16:59:21.002Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses