Lucene search
K

10 matches found

NVD
NVD
added 2026/06/23 5:17 p.m.10 views

CVE-2026-54305

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

9.9CVSS0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 3:52 p.m.46 views

CVE-2026-45732 n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

8.3CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:45 p.m.26 views

CVE-2026-54305

CVE-2026-54305 affects n8n Enterprise instances using the Dynamic Credentials EE Endpoints. Prior to versions 1.123.55, 2.25.7, and 2.26.2, three Dynamic Credentials endpoints accepted any authenticated session without per-resource ownership or scope checks on the target workflow or credential. A...

9.9CVSS6AI score0.00343EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:45 p.m.6 views

CVE-2026-54305

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

8.9CVSS6AI score0.00343EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 3:45 p.m.48 views

CVE-2026-54305 n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

8.9CVSS0.00343EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/16 11:32 p.m.14 views

n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

Impact Three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could...

9.9CVSS5.6AI score0.00343EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/16 11:32 p.m.4 views

NPM: n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

NPM: n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

9.9CVSS5.8AI score0.00343EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-50171

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description Three Enterprise Edition endpoints used by the Dynamic Credentials feature fail to perform per-resource ownership or scope checks on target...

9.9CVSS6AI score0.00343EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/05/14 4:18 p.m.11 views

NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

5.8AI score0.00315EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 2:48 p.m.5 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.

Summary IBM Sterling Connect:Direct for UNIX Container requires credential for Standard User Mode deployment. This fix removes the hard-coded credentials and uses dynamically generated one during container initialization. Vulnerability Details CVEID:CVE-2025-14115 DESCRIPTION: IBM® Sterling...

8.4CVSS6.8AI score0.001EPSS
Exploits0Affected Software1
Rows per page
Query Builder