CVE-2026-33720
n8n (open source workflow automation) has a vulnerability in pre-2.8.0 where setting N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true causes the OAuth callback to skip ownership verification of the OAuth state. An attacker can trick a victim into completing an OAuth flow for a credential the attacker control...