CVE-2026-33722
Permission Bypass in n8n External Secrets Allows Secret Disclosure
Publication date: 2026-03-25
Last updated on: 2026-03-27
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | Up to 1.123.23 (exc) |
| n8n | n8n | From 2.0.0 (inc) to 2.6.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an authenticated user without permission to list external secrets being able to retrieve plaintext secret values by referencing the secret name during credential saving in n8n instances configured with external secrets vaults.
Detection would involve monitoring or testing for unauthorized access attempts to external secrets by users with low privileges, especially attempts to save credentials referencing external secrets.
Since the vulnerability requires authentication and knowledge or guessing of secret names, detection could include reviewing n8n logs for credential save operations by low-privileged users that reference external secrets.
No specific commands or automated detection scripts are provided in the available information.
Can you explain this vulnerability to me?
This vulnerability affects the n8n workflow automation platform prior to versions 2.6.4 and 1.123.23. An authenticated user who does not have permission to list external secrets can still reference a secret by its external name within a credential and retrieve its plaintext value when saving that credential. This bypasses the intended permission check (`externalSecret:list`) and allows access to secrets stored in connected vaults without requiring admin or owner privileges.
To exploit this vulnerability, the n8n instance must have an external secrets vault configured, and the attacker must know or be able to guess the name of the target secret. The issue has been fixed in versions 1.123.23 and 2.6.4 of n8n.
Until upgrading, administrators can mitigate the risk by restricting n8n access to fully trusted users or disabling external secrets integration, though these are only temporary measures and do not fully resolve the vulnerability.
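The authorization gap the answer above describes, modelled as an added Python example that is not n8n's code: a list endpoint that checks `externalSecret:list`, a save path that resolves secret references without repeating that check, and a hardened save path that enforces the scope at the point where the secret value is read. Only the scope name comes from the advisory; the `{{ $secrets.<provider>.<name> }}` reference syntax, the vault contents and the class names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Toy model of the authorization flaw described in CVE-2026-33722; this is
# not n8n's code. Only the scope name comes from the advisory; the reference
# syntax, the vault contents and the class names are assumptions.
LIST_SCOPE = "externalSecret:list"
# Assumed reference syntax inside a credential field: {{ $secrets.<provider>.<name> }}
SECRET_REF = re.compile(r"\{\{\s*\$secrets\.(\w+)\.(\w+)\s*\}\}")

# Constructed sample vault: (provider, secret name) -> plaintext value
VAULT = {("vault", "db_password"): "hunter2"}


@dataclass
class User:
    name: str
    scopes: set = field(default_factory=set)


def list_secrets(user: User) -> list:
    """Endpoint-level check: only holders of the list scope see secret names."""
    if LIST_SCOPE not in user.scopes:
        raise PermissionError("missing " + LIST_SCOPE)
    return [f"{provider}.{name}" for provider, name in VAULT]


def _resolve(value: str, user: User, enforce: bool) -> str:
    """Replace every secret reference in a field with its plaintext value."""
    def substitute(match: re.Match) -> str:
        key = (match.group(1), match.group(2))
        if key not in VAULT:
            raise KeyError(f"unknown secret {key}")
        # CWE-863: the check exists on the list endpoint but, in the vulnerable
        # path, is never repeated here, so a guessed name is resolved anyway.
        if enforce and LIST_SCOPE not in user.scopes:
            raise PermissionError("missing " + LIST_SCOPE)
        return VAULT[key]
    return SECRET_REF.sub(substitute, value)


def save_credential_vulnerable(user: User, data: dict) -> dict:
    """Resolves references on save without consulting the caller's scopes."""
    return {k: _resolve(v, user, enforce=False) for k, v in data.items()}


def save_credential_fixed(user: User, data: dict) -> dict:
    """Enforces the scope where the secret is resolved, not only at the list endpoint."""
    return {k: _resolve(v, user, enforce=True) for k, v in data.items()}
```

The lesson for reviewers is that the scope must be enforced in the layer that reads the vault, since any new code path that reaches that layer otherwise inherits the bypass.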
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive secrets stored in external vaults connected to n8n. An attacker with authenticated access but without proper permissions can retrieve plaintext secret values, potentially exposing credentials, API keys, or other confidential information.
Such unauthorized access can compromise the security of systems and services that rely on these secrets, leading to further exploitation, data breaches, or unauthorized actions performed using the exposed credentials.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, users should upgrade n8n to version 1.123.23 or 2.6.4 or later, where the issue is fixed.
If upgrading is not immediately possible, administrators should consider temporary mitigations such as restricting n8n access to fully trusted users only and/or disabling external secrets integration until the patch can be applied.
Note that these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-33722 allows low-privileged authenticated users to bypass authorization controls and access plaintext external secrets stored in connected vaults. This unauthorized disclosure of sensitive information poses a significant confidentiality risk.
Such unauthorized access to secrets can lead to non-compliance with common data protection standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and secrets to protect confidentiality and privacy.
Organizations using affected versions of n8n should upgrade to patched versions or apply temporary mitigations to reduce the risk of unauthorized secret disclosure and help maintain compliance with these regulations.