Improper Authorization in n8n Workflows by n8n
CVE-2026-59253
5.3MEDIUM
What is CVE-2026-59253?
n8n prior to version 2.28.0 is susceptible to an improper authorization vulnerability that enables authenticated users to manipulate workflows by assigning them to folders within different projects. This vulnerability allows attackers to bypass the designated project and folder authorization constraints by sending specially crafted request payloads during workflow creation. As a result, this could lead to significant logical integrity violations within the affected project folder structures, potentially compromising data organization and access controls.
Affected Version(s)
n8n 0 < 2.28.0
n8n 2.28.0
