Improper Authorization in n8n Workflows by n8n
CVE-2026-59253

5.3MEDIUM

Key Information:

Vendor

N8n

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-59253?

n8n prior to version 2.28.0 is susceptible to an improper authorization vulnerability that enables authenticated users to manipulate workflows by assigning them to folders within different projects. This vulnerability allows attackers to bypass the designated project and folder authorization constraints by sending specially crafted request payloads during workflow creation. As a result, this could lead to significant logical integrity violations within the affected project folder structures, potentially compromising data organization and access controls.

Affected Version(s)

n8n 0 < 2.28.0

n8n 2.28.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HO-9
.