Lucene search
K

13 matches found

NVD
NVD
added last week8 views

CVE-2026-56778

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...

6.4CVSS0.00174EPSS
Exploits0References2
CVE
CVE
added last week17 views

CVE-2026-56778

CVE-2026-56778 (n8n) : Affected versions are n8n before 2.25.7 and 2.26.x before 2.26.2. The Public API execution retry endpoint authorizes with the workflow:read scope instead of workflow:execute, allowing an authenticated user with read-only access to a shared workflow to retry executions, bypa...

6.4CVSS6.1AI score0.00174EPSS
Exploits0References2Affected Software1
OSV
OSV
added last week5 views

CVE-2026-56778 n8n - Authorization Bypass in Public API Execution Retry Endpoint

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...

5.3CVSS6.2AI score0.00174EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/23 6:19 p.m.9 views

Incorrect Authorization

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incorrect Authorization in the shared workflows. An attacker can gain unauthorized access to credentials belonging to other users by exploiting insufficient ownership checks via specific public API...

9.9CVSS5.9AI score0.00315EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:17 p.m.12 views

CVE-2026-54307

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

9.6CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:47 p.m.36 views

CVE-2026-54307

Summary: CVE-2026-54307 affects n8n prior to versions 1.123.55, 2.25.7, and 2.26.2, where a member-level editor of a shared workflow could reference credentials they do not own due to partial credential ownership checks, enabling cross-user credential access via public API endpoints. The issue is...

9.6CVSS5.8AI score0.00315EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/16 11:2 p.m.7 views

GHSA-PMQW-72CG-WX85 n8n: Credential Exfiltration via Permission Bypass

Impact A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances where workflow sharing i...

9.6CVSS6AI score0.00315EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 11:2 p.m.12 views

n8n: Credential Exfiltration via Permission Bypass

Impact A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances where workflow sharing i...

9.6CVSS5.9AI score0.00315EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50173

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An open source workflow automation platform contains an issue where a member-level user with editor access to a shared workflow can reference...

9.6CVSS5.9AI score0.00315EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42226

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

7.5CVSS5.6AI score0.0026EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 6:26 p.m.36 views

CVE-2026-42226

The CVE concerns n8n, an open source workflow automation platform. Before versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workfl...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/07/15 1:13 a.m.3 views

MAL-2025-5956 Malicious code in shared-workflows (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d2e9e3bd8389efce3114016d94776de4d6947e98d829761b9bb1be64e02ff66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/15 1:13 a.m.6 views

Malicious code in shared-workflows (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d2e9e3bd8389efce3114016d94776de4d6947e98d829761b9bb1be64e02ff66 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder