CVE-2026-54305
Analyzed Analyzed - Analysis Complete

Authentication Bypass in n8n Workflow Automation

Vulnerability report for CVE-2026-54305, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-23

Last updated on: 2026-06-26

Assigner: GitHub, Inc.

Description

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could enumerate credential identifiers, names, and types referenced by any private workflow in the instance, initiate an OAuth authorization flow against another user's credential to overwrite its stored tokens with tokens bound to an account they control, or revoke another user's stored credential tokens entirely. Workflows relying on a hijacked credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of integrations. Token revocation would break affected workflows. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-23
Last Modified
2026-06-26
Generated
2026-07-14
AI Q&A
2026-06-23
EPSS Evaluated
2026-07-12
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.55 (exc)
n8n n8n From 2.0.0 (inc) to 2.25.7 (exc)
n8n n8n From 2.26.0 (inc) to 2.26.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability allows an attacker to exfiltrate data to external services and persistently take over integrations by hijacking OAuth credentials. Such unauthorized access and data exfiltration can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls over personal and sensitive data access and processing.

The ability to enumerate credential details and overwrite or revoke tokens without proper authorization undermines confidentiality and integrity requirements commonly enforced by these standards.

Therefore, if exploited, this vulnerability could result in non-compliance with regulations that require safeguarding user data and ensuring only authorized access to sensitive workflows and credentials.

Executive Summary

CVE-2026-54305 is a high-severity vulnerability in the n8n workflow automation platform affecting versions prior to 1.123.55, 2.25.7, and 2.26.2. It involves three Enterprise Edition (EE) endpoints used by the Dynamic Credentials feature that did not properly enforce ownership or scope checks on authenticated sessions.

This flaw allowed an authenticated user, even without project membership or credential sharing, to enumerate credential identifiers, names, and types from any private workflow. The attacker could also initiate OAuth authorization flows to overwrite another user's stored tokens with tokens they control or revoke another user's credential tokens entirely.

Exploiting this vulnerability enables attackers to execute workflows under their own OAuth identity, potentially leading to data exfiltration to attacker-controlled external services and persistent takeover of integrations. Token revocation could also break affected workflows.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive credential information and the ability for attackers to hijack workflows by executing them under their own OAuth identity.

Attackers could exfiltrate data to external services they control, leading to potential data breaches. They could also persistently take over integrations, compromising the integrity and confidentiality of your workflows.

Additionally, attackers can revoke credential tokens, which would disrupt or break workflows relying on those credentials, causing operational issues.

Detection Guidance

This vulnerability involves unauthorized access to Dynamic Credentials EE endpoints in n8n, allowing enumeration and manipulation of credential tokens. Detection would involve monitoring for unusual OAuth authorization flows, unexpected token overwrites, or revocation activities on credentials without proper project membership or sharing relationships.

Since the vulnerability exploits authenticated sessions without proper ownership checks, commands or logs to check for suspicious API calls to the three Dynamic Credentials EE endpoints or unusual OAuth token activities could help detect exploitation attempts.

However, no specific detection commands or scripts are provided in the available resources.

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade n8n to one of the patched versions: 1.123.55, 2.25.7, or 2.26.2.

If upgrading is not immediately possible, temporary mitigations include restricting access to the n8n instance to trusted users only or disabling the Dynamic Credentials feature if it is not required.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54305. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart