Improper access control in n8n - #VU135225
Published: June 25, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in workflow node expressions when resolving external secrets references. A remote user can reference external secrets in a node expression to disclose sensitive information.
Only instances with the external secrets feature configured are vulnerable.