CVE-2026-54307
n8n: Credential Exfiltration via Permission Bypass
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances where workflow sharing is enabled and at least one workflow has been shared with a member-level user as an Editor. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2.
| CWE | CWE-863 |
| Vendor | n8n-io |
| Product | n8n |
| Published | Jun 23, 2026 |
| Last Updated | Jun 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for n8n-io n8n
Be the first to know when new unknown vulnerabilities affecting n8n-io n8n are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n8n-io / n8n
< 1.123.55 >= 2.0.0-rc.0, < 2.25.7 >= 2.26.0, < 2.26.2