Improper access control in n8n - #VU137165
Published: July 8, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to escalate privileges.
The vulnerability exists due to improper access control in the Token Exchange module when issuing access tokens from externally trusted JWTs. A remote user can obtain a token exchange JWT and invoke administrator-only Public API operations to escalate privileges.
Only instances with the Token Exchange feature and the Public API enabled are vulnerable. Exploitation requires access to an external JWT accepted by a configured trusted key. Role escalation additionally requires an Advanced Permissions license.