10 matches found
CVE-2026-54305
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...
CVE-2026-45732 n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...
CVE-2026-54305
CVE-2026-54305 affects n8n Enterprise instances using the Dynamic Credentials EE Endpoints. Prior to versions 1.123.55, 2.25.7, and 2.26.2, three Dynamic Credentials endpoints accepted any authenticated session without per-resource ownership or scope checks on the target workflow or credential. A...
CVE-2026-54305
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...
CVE-2026-54305 n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...
n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
Impact Three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could...
NPM: n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
NPM: n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...
PT-2026-50171
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description Three Enterprise Edition endpoints used by the Dynamic Credentials feature fail to perform per-resource ownership or scope checks on target...
NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...
Security Bulletin: IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.
Summary IBM Sterling Connect:Direct for UNIX Container requires credential for Standard User Mode deployment. This fix removes the hard-coded credentials and uses dynamically generated one during container initialization. Vulnerability Details CVEID:CVE-2025-14115 DESCRIPTION: IBM® Sterling...