Authorization Bypass Affecting n8n package, versions >=2.0.0-rc.0 <2.25.7>=2.26.0 <2.26.2


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Social Trends
EPSS
0.34% (27th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Authorization Bypass vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-JS-N8N-17890473
  • published8 Jul 2026
  • disclosed23 Jun 2026
  • creditAlwion,Harish Kolla

Introduced: 23 Jun 2026

NewCVE-2026-54305  (opens in a new tab)
CWE-285  (opens in a new tab)

How to fix?

Upgrade n8n to version 2.25.7, 2.26.2 or higher.

Overview

n8n is a n8n Workflow Automation Tool

Affected versions of this package are vulnerable to Authorization Bypass in three Enterprise Edition Dynamic Credentials endpoints, which accept any authenticated session without performing per-resource ownership or scope checks. A user with any authenticated n8n session can take over other users' credentials by calling these endpoints to enumerate credential identifiers, initiate OAuth flows that overwrite tokens with attacker-controlled accounts, or revoke credentials, regardless of project membership or sharing relationships. Exploitation affects only Enterprise instances with the Dynamic Credentials feature enabled.

CVSS Base Scores

version 4.0
version 3.1