EUVD-2026-38476

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

NPM: n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

NPM: n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

NPM: n8n: Credential Exfiltration via Permission Bypass

NPM: n8n: Credential Exfiltration via Permission Bypass vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

NPM: n8n: Same-Origin XSS in Respond to Webhook Node

NPM: n8n: Same-Origin XSS in Respond to Webhook Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...