Auth bypass in N8n-io N8n

CVE-2026-33665

n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the lo…

Vulnerability class: Broken Authentication

EPSS: 0.000 (9.1th percentile)

Affected products

  • N8n-io N8n — versions < 1.121.0, and versions >= 2.0.0-rc.0 but < 2.4.0

Weakness classification (CWE)

References