Improper Authorization in n8n - #VU135224
Published: June 25, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to modify folder associations across project authorization boundaries.
The vulnerability exists due to improper authorization in workflow creation when handling a crafted workflow creation request. A remote user can supply a crafted request payload to modify folder associations across project authorization boundaries.
Only instances with multi-project and folder support enabled are vulnerable.