SB2026061601 - Multiple vulnerabilities in n8n

Published: June 16, 2026

Security Bulletin ID: SB2026061601
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 14
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 7%
Medium: 36%
Low: 57%

Description

This security bulletin contains information about 14 vulnerabilities.


1) Improper Authorization (CVE-ID: N/A)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to modify evaluation test runs and cause a denial of service.

The vulnerability exists due to improper access control in evaluation test runs controller endpoints when handling state-changing requests. A remote user can send requests to start new evaluation test runs, cancel in-flight runs, or delete run records to modify evaluation test runs and cause a denial of service.

This issue only affects instances with Advanced Permissions where projects and viewer roles are in use.


2) Improper access control (CVE-ID: CVE-2026-54307)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to access credentials owned by other users.

The vulnerability exists due to improper access control in specific public API endpoints when handling credential references from shared workflows. A remote user can reference credentials they do not own to access credentials owned by other users.

This issue affects instances where workflow sharing is enabled and at least one workflow has been shared with a member-level user as an Editor.


3) Improper access control (CVE-ID: CVE-2026-54305)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to disclose sensitive information, overwrite stored OAuth tokens, or revoke stored credential tokens.

The vulnerability exists due to improper access control in the Dynamic Credentials EE endpoints when handling requests for workflows or credentials without per-resource ownership or scope checks. A remote user can send crafted requests to enumerate credential identifiers, names, and types referenced by private workflows, overwrite another user's stored OAuth tokens with tokens bound to an account they control, or revoke stored credential tokens.

Only Enterprise instances with the Dynamic Credentials feature enabled are vulnerable.


4) Improper access control (CVE-ID: CVE-2026-54309)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to access browser-control capabilities and disclose sensitive information.

The vulnerability exists due to improper access control in the MCP HTTP transport endpoint when handling session initialization and tool invocation requests. A remote attacker can send crafted requests to access browser-control capabilities and disclose sensitive information.

Only instances running @n8n/mcp-browser with the HTTP transport enabled are affected. If the n8n AI Browser Bridge extension is installed and a browser connection is active, the issue can expose navigation, JavaScript evaluation, and access to browser cookies and storage in the user's real browser profile.


5) Improper access control (CVE-ID: CVE-2026-54304)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the SecurityScorecard node report download operation when handling a user-supplied URL. A remote user can configure an attacker-controlled URL to cause the SecurityScorecard API token to be sent to an external host and disclose sensitive information.

Exploitation requires permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains.


6) SQL injection (CVE-ID: CVE-2026-54310)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute arbitrary SQL commands against the connected database.

The vulnerability exists due to SQL injection in the TimescaleDB and legacy Postgres v1 nodes when processing crafted node parameters. A remote user can supply crafted parameters to execute arbitrary SQL commands against the connected database.

Exploitation requires permission to create or modify workflows, and injected SQL runs within the privileges of the configured database account.


7) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to trigger workflow execution and cause unintended side effects in downstream systems.

The vulnerability exists due to improper access control in the POST /workflows/{workflowId}/test-runs/new endpoint when handling requests to create evaluation test runs. A remote user with only read-only access to a workflow can send a request to create a new test run for it, triggering workflow execution and causing unintended side effects in downstream systems.

Only instances using the Evaluations feature are affected.


8) Authentication Bypass by Spoofing (CVE-ID: CVE-2026-54308)

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute workflows with attacker-controlled data.

The vulnerability exists due to authentication bypass by spoofing in the MicrosoftAgent365Trigger and StripeTrigger nodes when handling inbound webhook requests. A remote attacker can submit a forged payload to execute workflows with attacker-controlled data.

Exploitation requires knowledge of the webhook URL.


9) Cross-site scripting (CVE-ID: CVE-2026-54301)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary JavaScript in the n8n origin.

The vulnerability exists due to improper neutralization of input during web page generation in the Respond to Webhook node when serving binary content with an attacker-controlled Content-Type through a public webhook. A remote user can configure a webhook response to deliver crafted content to execute arbitrary JavaScript in the n8n origin.

User interaction is required, and the victim must visit the public webhook while authenticated to n8n.


10) Prototype pollution (CVE-ID: CVE-2026-54306)

CWE-ID: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information and modify workflow-driven actions.

The vulnerability exists due to improperly controlled modification of object prototype attributes in public webhook workflow data handling when processing a crafted public webhook payload during internal object copying. A remote attacker can send a specially crafted webhook payload to disclose sensitive information and modify workflow-driven actions.

Exploitation is possible when a workflow combines a public webhook with downstream built-in nodes that consume the resulting fields, which can cause the workflow to act on unintended records or issue outbound requests using the workflow owner's configured credentials.
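To make the bug class in entry 10 concrete, here is an added example (not n8n's code, and not the copying routine the advisory refers to) of a naive recursive merge that lets a webhook payload's `__proto__` key write into `Object.prototype`, beside a hardened merge that refuses prototype-affecting keys; the payload is constructed.

```javascript
// Added illustration of the prototype-pollution class in entry 10. Not n8n's
// code: the merge functions and the webhook payload below are constructed.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: copies every own key of the payload, so a "__proto__" key makes
// target["__proto__"] resolve to Object.prototype and the recursion writes there.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuses prototype-affecting keys and only recurses into the
// target's own properties, so inherited accessors are never reached.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (DANGEROUS_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed webhook body: one legitimate field plus a polluting key.
const WEBHOOK_BODY = '{"recordId":"42","__proto__":{"isAdmin":true}}';
// Merges the payload both ways; reports whether a fresh {} inherited "isAdmin".
function demo() {
  naiveMerge({}, JSON.parse(WEBHOOK_BODY));
  const naivePolluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // undo the pollution before the safe run
  safeMerge({}, JSON.parse(WEBHOOK_BODY));
  const safePolluted = ({}).isAdmin === true;
  return { naivePolluted, safePolluted };
}
```

Downstream nodes that read `item.isAdmin` would see `true` on every object in the process after the naive merge, which is how a single payload steers unrelated workflow actions.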


11) Exposure of Data Element to Wrong Session (CVE-ID: CVE-2026-54311)

CWE-ID: CWE-488 - Exposure of Data Element to Wrong Session

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the Merge node SQL Query mode sandbox when executing workflows containing the Merge node in SQL Query mode. A remote user can create or modify a workflow that pollutes the cached sandbox context to disclose sensitive information.

This issue affects multi-user instances where more than one user can create and execute workflows containing the Merge node in SQL Query mode.


12) Cross-site scripting (CVE-ID: CVE-2026-54302)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary JavaScript in the victim's browser within the n8n origin.

The vulnerability exists due to cross-site scripting in the Chat Trigger generated page when handling a crafted webhookId value. A remote user can set a malicious webhookId so that script runs in the victim's session context, executing arbitrary JavaScript in the victim's browser within the n8n origin.

User interaction is required: a logged-in user must visit the chat URL.


13) Improper access control (CVE-ID: N/A)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the Python Code node AST security validator when processing Python Code node workflows. A remote user can bypass the validator to access the task executor module namespace and disclose sensitive information.

Only instances with the Python Task Runner enabled are vulnerable. On self-hosted instances where N8N_BLOCK_RUNNER_ENV_ACCESS=false is set, environment variables accessible to the task runner process may be exposed.


14) Improper Authorization (CVE-ID: N/A)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to bypass authorization checks and retry workflow executions.

The vulnerability exists due to improper access control in the Public API execution retry endpoint when handling retry requests for shared workflows. A remote user can send a retry execution request for a workflow with only read access to bypass authorization checks and retry workflow executions.

This issue affects instances where workflows are shared with other users or across projects.


Remediation

Install the update from the vendor's website.