OAuth Vulnerability in n8n Workflow Automation Platform
CVE-2026-45732

8.3 HIGH

Key Information:

Vendor

N8n-io

Status
Vendor
CVE Published: 23 June 2026

What is CVE-2026-45732?

An authorization bypass vulnerability exists in the n8n workflow automation platform: the OAuth1 and OAuth2 credential reconnect endpoints were incorrectly configured. In versions before the fixed releases, these endpoints required only the 'credential:read' permission, so an authenticated user with limited access could initiate a reconnect flow that overwrites sensitive token information. An attacker could use this to gain unauthorized access to workflows that rely on the affected credentials, leading to potential data exfiltration and persistent integration takeover via external accounts. The issue has been resolved in the latest updates to n8n.

Affected Version(s)

n8n < 1.123.43

n8n >= 2.0.0-rc.0, < 2.20.7

n8n >= 2.21.0, < 2.21.1

CVSS V4

Score: 8.3
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
