Information disclosure in N8n-io N8n
CVE-2026-54305
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope…
Vulnerability class: Information Disclosure
Affected products
- N8n-io N8n — versions < 1.123.55, >= 2.0.0-rc.0, < 2.25.7, >= 2.26.0, < 2.26.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)