Improper access control in n8n - #VU135231

 


Published: June 25, 2026


Vulnerability identifier: #VU135231
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: n8n
Affected software:
n8n

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the HTTP Request node pagination expression evaluation when processing paginated requests with shared HTTP Header Auth credentials. A remote user can read credential-populated headers from the $request object and copy the secret into item data to disclose sensitive information.

Only instances with N8N_EXPRESSION_ENGINE=vm set are vulnerable, and exploitation requires access to a shared workflow with use-only editor permissions.
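The two conditions above can be checked during an audit. The following is an added example, not code from n8n or from this advisory: it tests whether the expression engine is set to vm and lists HTTP Request nodes in an exported workflow that use Header Auth credentials and reference $request. The export layout (nodes[].type, nodes[].parameters, nodes[].credentials), the node type and credential type strings, and the nextValue key in the sample are assumptions.

```javascript
// Added audit sketch, not n8n code. Assumed export layout: nodes[].type,
// nodes[].parameters, nodes[].credentials keyed by credential type.
const HTTP_NODE = "n8n-nodes-base.httpRequest";
const HEADER_AUTH = "httpHeaderAuth";

// The advisory limits exposure to instances with N8N_EXPRESSION_ENGINE=vm.
function engineIsVm(env) {
  return String(env.N8N_EXPRESSION_ENGINE || "").trim().toLowerCase() === "vm";
}

// Walk a parameter tree and return the dotted path of every string that
// references the $request object.
function requestRefs(value, path, out = []) {
  if (typeof value === "string") {
    if (/\$request\b/.test(value)) out.push(path);
  } else if (value && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      requestRefs(child, `${path}.${key}`, out);
    }
  }
  return out;
}

// Report HTTP Request nodes that use Header Auth credentials and reference
// $request anywhere in their parameters, for manual review.
function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    if (node.type !== HTTP_NODE) continue;
    if (!Object.keys(node.credentials || {}).includes(HEADER_AUTH)) continue;
    for (const path of requestRefs(node.parameters, "parameters")) {
      findings.push({ workflow: workflow.name, node: node.name, path });
    }
  }
  return findings;
}

// Constructed sample export (not taken from a real instance); nextValue is
// a hypothetical parameter key.
const SAMPLE = {
  name: "constructed-sample",
  nodes: [
    { name: "Fetch pages", type: HTTP_NODE,
      credentials: { httpHeaderAuth: { id: "1", name: "shared-key" } },
      parameters: { options: { pagination: { nextValue: "={{ $request }}" } } } },
    { name: "Plain call", type: HTTP_NODE, credentials: {},
      parameters: { url: "https://api.example.test/ping" } },
  ],
};

console.log(engineIsVm(process.env), auditWorkflow(SAMPLE));
```

A finding is a prompt for review of who can edit that workflow, not proof of disclosure.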


Remediation

Install the security update from the vendor's website.
