Exposed Credential Headers in n8n Workflow Automation Platform
CVE-2026-59209
7.1HIGH
What is CVE-2026-59209?
A security issue in the n8n workflow automation platform prior to specified versions allows authenticated users with limited edit access to read sensitive credential information through the $request object in an HTTP Request node. This exposure can lead to the unintentional exfiltration of secrets, which poses a significant risk to users relying on protected credential management. The flaw has been addressed in versions 1.123.61, 2.27.4, and 2.28.1, making it essential for users to upgrade to these versions to ensure their credentials remain secure.
Affected Version(s)
n8n >= 2.28.0, < 2.28.1 < 2.28.0, 2.28.1
n8n >= 2.0.0-rc.0, < 2.27.4 < 2.0.0-rc.0, 2.27.4
n8n < 1.123.61 < 1.123.61
