CVE-2026-45732
Status: Awaiting Analysis - Queue
OAuth Token Replacement in n8n Workflow Automation

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control. Workflows relying on the affected credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of shared integrations. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
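To make the authorization flaw concrete, the following added TypeScript example (not n8n's own code) models the scope check at a credential reconnect endpoint: the vulnerable version gates token replacement on credential:read, the hardened version on credential:update, and the stored credential keeps a change history that supports the kind of token-change audit a defender would run. The credential data model, function names and token strings are constructed assumptions.

```typescript
// Added example, not n8n code: models the authorization decision at an
// OAuth credential "reconnect" endpoint. Scope names follow the advisory;
// the data model and helpers are assumptions for illustration.

type Scope = "credential:read" | "credential:update";

interface SharedCredential {
  id: string;
  ownerId: string;
  shares: Record<string, Scope[]>;   // scopes granted to each sharee
  accessToken: string;               // stored OAuth token material (constructed)
  tokenHistory: string[];            // who replaced the token, in order (audit trail)
}

function userScopes(cred: SharedCredential, userId: string): Scope[] {
  if (cred.ownerId === userId) return ["credential:read", "credential:update"];
  return cred.shares[userId] ?? [];
}

// Vulnerable check: a reconnect replaces the stored token, yet only the
// read scope is required, so a read-only sharee can overwrite it.
function canReconnectVulnerable(cred: SharedCredential, userId: string): boolean {
  return userScopes(cred, userId).includes("credential:read");
}

// Hardened check: writing new token material requires the update scope.
function canReconnectFixed(cred: SharedCredential, userId: string): boolean {
  return userScopes(cred, userId).includes("credential:update");
}

// Simulates the OAuth callback that stores the newly issued token.
// Returns the token that dependent workflows will run with from now on.
function reconnect(
  cred: SharedCredential, userId: string, newToken: string,
  authorize: (c: SharedCredential, u: string) => boolean,
): string {
  if (!authorize(cred, userId)) throw new Error("forbidden: credential:update required");
  cred.accessToken = newToken;
  cred.tokenHistory.push(userId);   // audit: non-owner entries here are suspicious
  return cred.accessToken;
}

// Constructed sample: "owner" owns the credential, "reader" only has read access.
function makeCredential(): SharedCredential {
  return {
    id: "cred-1", ownerId: "owner", shares: { reader: ["credential:read"] },
    accessToken: "TOKEN-owner-original", tokenHistory: ["owner"],
  };
}
```

Running `reconnect` with `canReconnectVulnerable` lets the read-only sharee swap in a token bound to their own account, whereas `canReconnectFixed` rejects the request and leaves the stored token and history untouched.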
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A generated: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
n8n n8n 1.123.43
n8n n8n 2.22.1
n8n n8n 2.20.7
n8n n8n 2.21.1
CWE
CWE ID: CWE-639
Description: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Quick Actions (AI-generated insights)
Executive Summary

CVE-2026-45732 is a high-severity authorization bypass vulnerability in the n8n workflow automation platform. The issue occurs because the OAuth1 and OAuth2 credential reconnect endpoints incorrectly use the credential:read permission instead of the stricter credential:update permission to authorize access.

This flaw allows an authenticated user who only has read-only access to a shared credential to initiate an OAuth reconnect flow and overwrite the stored token material with tokens linked to an attacker-controlled external account.

As a result, workflows that rely on the affected credential will execute under the attacker's OAuth identity, enabling the attacker to exfiltrate data to external services and maintain persistent control over shared integrations.

Impact Analysis

This vulnerability can lead to unauthorized data exfiltration and persistent takeover of shared integrations within the n8n platform.

An attacker with read-only access to shared credentials can replace OAuth tokens with their own, causing workflows to run under the attacker's identity.

This means sensitive data processed by these workflows can be sent to attacker-controlled external services, potentially leading to data breaches and loss of control over automated processes.

Detection Guidance

This vulnerability can be detected by auditing shared credentials for unexpected OAuth token changes, as attackers may overwrite stored token material with tokens bound to an external account they control.

Since the issue involves OAuth1 and OAuth2 credential reconnect endpoints authorizing with read-only permissions instead of update permissions, monitoring logs for OAuth reconnect flows initiated by users with only read access may help identify exploitation attempts.

Specific commands are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include restricting credential sharing to trusted users only.

Additionally, audit all shared credentials for any unexpected OAuth token changes to detect potential compromise.

Upgrading n8n to a fixed version such as 1.123.43, 2.20.7, or 2.21.1 is recommended to fully resolve the vulnerability.

Compliance Impact

This vulnerability allows an attacker to overwrite stored OAuth tokens and execute workflows under the attacker's identity, enabling data exfiltration to external services and persistent takeover of shared integrations.

Such unauthorized access and potential data exfiltration could lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and the prevention of unauthorized data disclosure.

Therefore, affected systems may face compliance risks due to the possibility of unauthorized data access and leakage caused by this vulnerability.
