Workflow Automation Platform Vulnerability in n8n by n8n-io
CVE-2026-59206

7.1HIGH

Key Information:

Vendor

N8n-io

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-59206?

n8n, an open-source workflow automation tool, was found to have a vulnerability that allows authenticated users with default workflow:create permission to manipulate Object.prototype. By saving, updating, or importing a crafted workflow via the workflow API, these users could inadvertently expose sensitive user and project listing endpoints to unauthenticated requests, which could be treated as privileged actions. The issue has been resolved in versions 1.123.61, 2.27.4, and 2.28.1.

Affected Version(s)

n8n >= 2.28.0, < 2.28.1 < 2.28.0, 2.28.1

n8n >= 2.0.0-rc.0, < 2.27.4 < 2.0.0-rc.0, 2.27.4

n8n < 1.123.61 < 1.123.61

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.