Improper access control in n8n - #VU135231
Published: June 25, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper access control in the HTTP Request node pagination expression evaluation when processing paginated requests with shared HTTP Header Auth credentials. A remote user can read credential-populated headers from the $request object and copy the secret into item data to disclose sensitive information.
Only instances with N8N_EXPRESSION_ENGINE=vm set are vulnerable, and exploitation requires access to a shared workflow with use-only editor permissions.
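One way to audit exported workflows for the condition described above, as an added example that is not code from n8n or from this advisory. It assumes the workflow export layout (nodes[].type, nodes[].credentials, nodes[].parameters), the node type id n8n-nodes-base.httpRequest, the credential key httpHeaderAuth and the "=" prefix on expression values; the sample workflow is constructed.

```javascript
// Added audit example (not n8n code). Field names are assumptions about the export JSON.
const HTTP_NODE = 'n8n-nodes-base.httpRequest'; // assumed node type id
const HEADER_CRED = 'httpHeaderAuth';           // assumed credential type key

// True when the environment matches the advisory's precondition
// (compared case-insensitively so the audit errs on the side of flagging).
function engineIsVm(env) {
  return (env.N8N_EXPRESSION_ENGINE || '').trim().toLowerCase() === 'vm';
}

// Recursively collect every string-valued parameter together with its path.
function collectStrings(value, path, out) {
  if (typeof value === 'string') out.push({ path, value });
  else if (Array.isArray(value)) value.forEach((v, i) => collectStrings(v, `${path}[${i}]`, out));
  else if (value && typeof value === 'object')
    for (const [k, v] of Object.entries(value)) collectStrings(v, path ? `${path}.${k}` : k, out);
  return out;
}

// Flag HTTP Request nodes that bind a Header Auth credential and contain an
// expression (string starting with "=") that references $request.
function findRequestReads(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    if (node.type !== HTTP_NODE) continue;
    if (!node.credentials || !(HEADER_CRED in node.credentials)) continue;
    for (const { path, value } of collectStrings(node.parameters || {}, '', []))
      if (value.startsWith('=') && /\$request\b/.test(value))
        findings.push({ workflow: workflow.name, node: node.name, path });
  }
  return findings;
}

// Constructed sample export: one node that should be flagged, one that should not.
const SAMPLE = {
  name: 'constructed-sample',
  nodes: [
    { name: 'Paged API', type: HTTP_NODE,
      credentials: { httpHeaderAuth: { id: '1', name: 'placeholder' } },
      parameters: { url: 'https://api.example.invalid/items',
        options: { pagination: { pagination: { parameters: { parameters: [
          { name: 'page', value: '={{ $pageCount + 1 }}' },
          { name: 'echo', value: '={{ $request }}' } ] } } } } } },
    { name: 'No creds', type: HTTP_NODE, parameters: { url: '={{ $request }}' } },
  ],
};

console.log({ engineIsVm: engineIsVm(process.env), findings: findRequestReads(SAMPLE) });
```

A finding is a prompt for review, not proof of disclosure: it matters when the instance runs with N8N_EXPRESSION_ENGINE=vm and the workflow is shared with users who hold use-only access to the credential.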