Improper access control in n8n - #VU137166
Published: July 8, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to improper access control in the Token Exchange module when issuing access tokens from externally trusted JWTs. A remote user can obtain a token exchange JWT and use administrator-level Public API capabilities to install community packages and execute arbitrary code.
Only instances with the Token Exchange feature and the Public API enabled are vulnerable. Exploitation requires access to an external JWT accepted by a configured trusted key. This code execution path additionally requires both community packages and unverified packages to be enabled.