Workflow Automation Platform Vulnerability in n8n by n8n-io
CVE-2026-59206
7.1HIGH
What is CVE-2026-59206?
n8n, an open-source workflow automation tool, was found to have a vulnerability that allows authenticated users with default workflow:create permission to manipulate Object.prototype. By saving, updating, or importing a crafted workflow via the workflow API, these users could inadvertently expose sensitive user and project listing endpoints to unauthenticated requests, which could be treated as privileged actions. The issue has been resolved in versions 1.123.61, 2.27.4, and 2.28.1.
Affected Version(s)
n8n >= 2.28.0, < 2.28.1 < 2.28.0, 2.28.1
n8n >= 2.0.0-rc.0, < 2.27.4 < 2.0.0-rc.0, 2.27.4
n8n < 1.123.61 < 1.123.61
