CVE-2026-59253
Undergoing Analysis Undergoing Analysis - In Progress

Improper Authorization in n8n Workflow Assignment

Vulnerability report for CVE-2026-59253, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: VulnCheck

Description

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical integrity violations in target project folder structures.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
n8n n8n to 2.28.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability if upgrading to n8n version 2.28.0 is not immediately possible, administrators should temporarily restrict project membership and workflow creation permissions to fully trusted users.

Upgrading to n8n version 2.28.0 or later is the definitive fix for this issue.

Executive Summary

CVE-2026-59253 is an improper authorization vulnerability in n8n versions before 2.28.0. It allows authenticated users who have workflow creation permissions in one project to bypass authorization boundaries and assign workflows to folders in other projects they do not have access to.

This is done by supplying crafted request payloads during workflow creation, which causes logical integrity violations in the folder structures of the target projects at the database level.

The workflow remains in the attacker's project and is not visible to members of the target project, and no data from the target project is exposed.

The vulnerability affects instances where multi-project and folder support is enabled.

Impact Analysis

The impact of this vulnerability is a logical integrity violation of the target project's folder structure at the database level.

Although the attacker can assign workflows to folders in other projects, the workflows remain in the attacker's project and are not visible to the target project's members.

No data from the target project is exposed or compromised.

This could lead to confusion or mismanagement of project folder structures but does not result in direct data leakage or unauthorized data access.

Administrators can mitigate the risk by restricting project membership and workflow creation permissions to fully trusted users if upgrading is not immediately possible.

Compliance Impact

The vulnerability allows authenticated users to bypass authorization boundaries and assign workflows to folders in other projects, causing logical integrity violations at the database level. However, no data from the target projects is exposed or accessible to unauthorized users.

Since the issue does not result in unauthorized data disclosure or access, but rather affects logical integrity of folder assignments, its direct impact on compliance with data protection regulations such as GDPR or HIPAA is limited.

Organizations relying on n8n should consider the risk of unauthorized workflow assignments as a potential integrity issue, but this vulnerability does not inherently lead to personal data breaches or violations of confidentiality requirements under these standards.

Detection Guidance

This vulnerability involves authenticated users crafting request payloads during workflow creation to bypass authorization boundaries. Detection would involve monitoring for unusual or unauthorized workflow creation requests that assign workflows to folders in projects the user should not have access to.

Since the issue is at the application logic level and involves crafted API requests, detection can be approached by auditing API request logs for suspicious payloads or by verifying workflow assignments against user permissions.

No specific detection commands are provided in the available resources.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59253. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart