Auth bypass in N8n-io N8n

CVE-2026-45732

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user wi…

Vulnerability class: IDOR (Insecure Direct Object Reference)

Affected products

N8n-io N8n — versions < 1.123.43, >= 2.0.0-rc.0, < 2.20.7, >= 2.21.0, < 2.21.1

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

security-advisories@github.com (x_refsource_CONFIRM)