Workflow Automation Platform Vulnerability in n8n by n8n.io
CVE-2026-59207

7.1HIGH

Key Information:

Vendor

N8n-io

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-59207?

The n8n platform, known for its workflow automation capabilities, has a vulnerability associated with its AI Agents feature. Prior to versions 2.27.4 and 2.28.1, the system failed to adequately enforce the Allowed HTTP Request Domains restriction on credentials. This oversight permitted a member-level user with use-only access to share credentials to potentially leak sensitive information by sending secrets to an external server they control. This flaw has been addressed in the latest updates, reinforcing the security of user credentials and overall system integrity.

Affected Version(s)

n8n >= 2.28.0, < 2.28.1 < 2.28.0, 2.28.1

n8n < 2.27.4 < 2.27.4

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.