Workflow Automation Platform Vulnerability in n8n by n8n.io
CVE-2026-59207
7.1HIGH
What is CVE-2026-59207?
The n8n platform, known for its workflow automation capabilities, has a vulnerability associated with its AI Agents feature. Prior to versions 2.27.4 and 2.28.1, the system failed to adequately enforce the Allowed HTTP Request Domains restriction on credentials. This oversight permitted a member-level user with use-only access to share credentials to potentially leak sensitive information by sending secrets to an external server they control. This flaw has been addressed in the latest updates, reinforcing the security of user credentials and overall system integrity.
Affected Version(s)
n8n >= 2.28.0, < 2.28.1 < 2.28.0, 2.28.1
n8n < 2.27.4 < 2.27.4
