Auth bypass in N8n
CVE-2026-59259
n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with…
Vulnerability class: IDOR (Insecure Direct Object Reference)
Affected products
- N8n — versions 0, 1.123.61, 2.28.1
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)