CVE-2026-56348
Analyzed Analyzed - Analysis Complete

Credential Exfiltration in n8n Workflow Automation

Vulnerability report for CVE-2026-56348, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-22

Last updated on: 2026-06-24

Assigner: VulnCheck

Description

n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with credentials to unauthorized hosts, exfiltrating sensitive authentication data.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-22
Last Modified
2026-06-24
Generated
2026-07-13
AI Q&A
2026-06-23
EPSS Evaluated
2026-07-11
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
n8n n8n to 2.20.0 (exc)
n8n n8n to 2.20.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in n8n versions before 2.20.0 and involves the POST /rest/dynamic-node-parameters/options endpoint. It allows authenticated users to bypass the restrictions set by Allowed HTTP Request Domains. As a result, attackers who have access to credentials can make the n8n server send HTTP requests with those credentials to unauthorized hosts, leading to the exfiltration of sensitive authentication data.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive authentication credentials. Attackers with credential access can exploit this flaw to make the n8n server send requests to unauthorized external hosts, potentially leaking confidential authentication data. This can result in compromised accounts, unauthorized access to systems, and further exploitation of connected services.

Compliance Impact

The vulnerability allows exfiltration of sensitive authentication data by bypassing domain restrictions, which could lead to unauthorized disclosure of personal or sensitive information.

Such unauthorized data exposure may impact compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and prevention of unauthorized access or disclosure.

Organizations using affected versions of n8n should upgrade to version 2.20.0 to mitigate this risk and help maintain compliance with these regulations.

Mitigation Strategies

To mitigate the CVE-2026-56348 vulnerability, the primary and most effective step is to upgrade n8n to version 2.20.0 or later, where the issue has been patched.

As temporary mitigations before upgrading, restrict access to the n8n server to trusted users only and limit the sharing of credentials within the system. However, these measures do not fully resolve the risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56348. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart