Server-Side Request Forgery (SSRF) in n8n - #VU137163
Published: July 8, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to access internal network resources via server-side request forgery.
The vulnerability exists due to improper access control in /rest/dynamic-node-parameters/ endpoints when handling requests with an absolute URL in the routing configuration. A remote user can send a specially crafted request to access internal network resources via server-side request forgery.
Workflow creation or execution is not required. The issue is exposed when SSRF protection is disabled by default.