CVE-2026-42226
Undergoing Analysis Undergoing Analysis - In Progress
Credential Exfiltration in n8n Workflow Automation

Publication date: 2026-05-04

Last updated on: 2026-05-06

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supply a foreign credential ID in the request body, causing the backend to decrypt and use that credential in a helper execution path where the caller also controls the destination URL. This allowed the caller to force the backend to authenticate against attacker-controlled infrastructure using a credential belonging to another user, effectively exfiltrating a reusable API key. The issue is not limited to any single node type; any node that resolves credentials dynamically through these endpoints may be affected. This issue has been patched in versions 1.123.33, 2.17.5, and 2.18.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-42226
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.33 (exc)
n8n n8n From 2.17.0 (inc) to 2.17.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows an authenticated user to exfiltrate reusable API keys belonging to other users by exploiting improper authorization checks on credential references. Such unauthorized access and potential data exposure could lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls over access to sensitive information and credentials.

By enabling attackers to misuse credentials and potentially access or manipulate protected data or services, the vulnerability undermines confidentiality and integrity requirements essential for compliance with these standards.

Executive Summary

This vulnerability exists in the n8n workflow automation platform prior to versions 1.123.33 and 2.17.5. The issue is that the dynamic-node-parameters endpoints did not properly verify if an authenticated user was authorized to use a credential reference they supplied. As a result, an authenticated user with access to a shared workflow could provide a credential ID belonging to another user. This caused the backend to decrypt and use that foreign credential in a helper execution path, where the user also controls the destination URL.

This flaw allowed the attacker to force the backend to authenticate against attacker-controlled infrastructure using another user's credential, effectively exfiltrating a reusable API key. The vulnerability is not limited to any single node type but affects any node that resolves credentials dynamically through these endpoints.

The issue has been fixed in versions 1.123.33, 2.17.5, and 2.18.0.

Impact Analysis

This vulnerability can lead to unauthorized access to credentials belonging to other users within the n8n platform. An attacker who is authenticated and has access to a shared workflow can exfiltrate reusable API keys by tricking the backend into using those credentials to authenticate against attacker-controlled infrastructure.

The impact includes potential compromise of sensitive API keys, which could be used to access external services or data, leading to data breaches, unauthorized actions, or further exploitation within connected systems.

Mitigation Strategies

To mitigate this vulnerability, upgrade n8n to version 1.123.33, 2.17.5, 2.18.0 or later, where the issue has been patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42226. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart