CVE-2026-54305
Status: Awaiting Analysis (queue)
Authentication Bypass in n8n Workflow Automation

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could enumerate credential identifiers, names, and types referenced by any private workflow in the instance, initiate an OAuth authorization flow against another user's credential to overwrite its stored tokens with tokens bound to an account they control, or revoke another user's stored credential tokens entirely. Workflows relying on a hijacked credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of integrations. Token revocation would break affected workflows. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2.
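As an added illustration (not n8n's code; the types, lookup tables and sample data are hypothetical and constructed), the authorization gap described above, showing the vulnerable pattern that accepts any authenticated session beside a fixed pattern that also checks the caller's project membership or sharing relationship to the specific workflow or credential:

```typescript
// Added illustration, not n8n's code. All type and table names are hypothetical;
// the state below is constructed for the example.
type User = { id: string };
type CredentialRecord = { id: string; name: string; type: string; projectId: string };
type WorkflowRecord = { id: string; projectId: string; credentialIds: string[] };

// Constructed state: alice belongs only to project p1, bob only to p2.
const projectMembers: Record<string, Set<string>> = { p1: new Set(["alice"]), p2: new Set(["bob"]) };
// Credential sharing: credential id -> projects the credential has been shared with.
const credentialSharing: Record<string, Set<string>> = { c2: new Set(["p1"]) };
const credentials: Record<string, CredentialRecord> = {
  c1: { id: "c1", name: "Bob Google", type: "googleOAuth2Api", projectId: "p2" },
  c2: { id: "c2", name: "Shared Slack", type: "slackOAuth2Api", projectId: "p2" },
};
const workflows: Record<string, WorkflowRecord> = {
  w1: { id: "w1", projectId: "p2", credentialIds: ["c1", "c2"] },
};

function isMember(user: User, projectId: string): boolean {
  const members = projectMembers[projectId];
  return members !== undefined && members.has(user.id);
}
// Per-resource scope check the vulnerable endpoints skipped: owning project or shared project.
function canUseCredential(user: User, cred: CredentialRecord): boolean {
  if (isMember(user, cred.projectId)) return true;
  return [...(credentialSharing[cred.id] ?? [])].some((p) => isMember(user, p));
}

// Vulnerable pattern: any authenticated session can enumerate a workflow's credentials.
export function listWorkflowCredentialsVulnerable(user: User | null, workflowId: string): CredentialRecord[] {
  if (!user) throw new Error("401 unauthenticated");
  return workflows[workflowId].credentialIds.map((id) => credentials[id]);
}
// Fixed pattern: require membership in the workflow's project, then filter by credential scope.
export function listWorkflowCredentialsFixed(user: User | null, workflowId: string): CredentialRecord[] {
  if (!user) throw new Error("401 unauthenticated");
  const wf = workflows[workflowId];
  if (!wf || !isMember(user, wf.projectId)) throw new Error("403 not a member of the workflow's project");
  return wf.credentialIds.map((id) => credentials[id]).filter((c) => canUseCredential(user, c));
}
// The same guard applies to state-changing operations (OAuth re-authorization, token revocation).
export function revokeCredentialTokensFixed(user: User | null, credentialId: string): string {
  if (!user) throw new Error("401 unauthenticated");
  const cred = credentials[credentialId];
  if (!cred || !canUseCredential(user, cred)) throw new Error("403 no access to credential");
  return `revoked:${credentialId}`;
}
```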
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 3 associated CPEs

Vendor  Product  Version / Range
n8n     n8n      1.123.55
n8n     n8n      2.25.7
n8n     n8n      2.26.2
CWE ID   Description
CWE-284  The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Quick Actions (instant insights powered by AI)
Executive Summary

CVE-2026-54305 is a high-severity vulnerability in the n8n workflow automation platform affecting versions prior to 1.123.55, 2.25.7, and 2.26.2. It involves three Enterprise Edition (EE) endpoints used by the Dynamic Credentials feature that did not properly enforce ownership or scope checks on authenticated sessions.

This flaw allowed an authenticated user, even without project membership or credential sharing, to enumerate credential identifiers, names, and types from any private workflow. The attacker could also initiate OAuth authorization flows to overwrite another user's stored tokens with tokens they control or revoke another user's credential tokens entirely.

Once a credential has been hijacked, workflows that rely on it execute under the attacker's OAuth identity, potentially leading to data exfiltration to attacker-controlled external services and persistent takeover of integrations. Token revocation could also break affected workflows.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive credential information and the ability for attackers to hijack workflows by executing them under their own OAuth identity.

Attackers could exfiltrate data to external services they control, leading to potential data breaches. They could also persistently take over integrations, compromising the integrity and confidentiality of your workflows.

Additionally, attackers can revoke credential tokens, which would disrupt or break workflows relying on those credentials, causing operational issues.

Detection Guidance

This vulnerability involves unauthorized access to Dynamic Credentials EE endpoints in n8n, allowing enumeration and manipulation of credential tokens. Detection would involve monitoring for unusual OAuth authorization flows, unexpected token overwrites, or revocation activities on credentials without proper project membership or sharing relationships.

Because exploitation requires only an authenticated session and no ownership relationship, reviewing request logs for calls to the three Dynamic Credentials EE endpoints made by users who have no project membership or sharing relationship with the targeted workflow or credential, together with unusual OAuth token activity on those credentials, can surface exploitation attempts.

However, no specific detection commands or scripts are provided in the available resources.

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade n8n to one of the patched versions: 1.123.55, 2.25.7, or 2.26.2.

If upgrading is not immediately possible, temporary mitigations include restricting access to the n8n instance to trusted users only or disabling the Dynamic Credentials feature if it is not required.

Compliance Impact

This vulnerability allows an attacker to exfiltrate data to external services and persistently take over integrations by hijacking OAuth credentials. Such unauthorized access and data exfiltration can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls over personal and sensitive data access and processing.

The ability to enumerate credential details and overwrite or revoke tokens without proper authorization undermines confidentiality and integrity requirements commonly enforced by these standards.

Therefore, if exploited, this vulnerability could result in non-compliance with regulations that require safeguarding user data and ensuring only authorized access to sensitive workflows and credentials.
