Auth bypass in N8n-io N8n
CVE-2026-33724
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker pos…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.000 (4.4th percentile)
Affected products
- N8n-io N8n — versions < 2.5.0
Weakness classification (CWE)
References
- https://github.com/n8n-io/n8n/security/advisories/GHSA-43v7-fp2v-68f6 (x_refsource_CONFIRM)