CVE-2026-45732 | n8n is an open source workflow automation platform. Prior to… | CVSS 8.3 HIGH

Description

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control. Workflows relying on the affected credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of shared integrations. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

Metadata

CVE ID: CVE-2026-45732
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-13 05:51 UTC
Published: 2026-06-23 15:52 UTC
Last updated: 2026-06-23 15:52 UTC
Primary CWE: CWE-639
CWE-639: Authorization Bypass Through User-Controlled Key
Vendor / Product: n8n-io / n8n
Sources: cve.org · NVD

Severity & Metrics

8.3 HIGH CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

Affected products (1)

Vendor	Product	Platform	Versions
n8n-io	n8n	—	< 1.123.43, >= 2.0.0-rc.0, < 2.20.7, >= 2.21.0, < 2.21.1

Weakness (CWE)

CWE	Source	Description
CWE-639	cna	CWE-639: Authorization Bypass Through User-Controlled Key

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.3	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

References (1)

https://github.com/n8n-io/n8n/security/advisories/GHSA-6h4j-wcr9-2vg7 https://github.com/n8n-io/n8n/security/advisories/GHSA-6h4j-wcr9-2vg7