Improper access control in n8n - #VU137166

 

Improper access control in n8n - #VU137166

Published: July 8, 2026


Vulnerability identifier: #VU137166
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: n8n
Affected software:
n8n

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper access control in the Token Exchange module when issuing access tokens from externally trusted JWTs. A remote user can obtain a token exchange JWT and use administrator-level Public API capabilities to install community packages and execute arbitrary code.

Only instances with the Token Exchange feature and the Public API enabled are vulnerable. Exploitation requires access to an external JWT accepted by a configured trusted key. This code execution path additionally requires both community packages and unverified packages to be enabled.


Remediation

Install security update from vendor's website.

Sources