Back to overview

CVE-2026-59207

HIGH
7.1
CVSS 4.0
Description
n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a shared credential to send its secret to an external server they control. This issue is fixed in versions 2.27.4 and 2.28.1.

Metadata

CVE ID
CVE-2026-59207
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-07-02 21:05 UTC
Published
2026-07-09 15:16 UTC
Last updated
2026-07-09 15:51 UTC
Primary CWE
CWE-693
CWE-693: Protection Mechanism Failure
Vendor / Product
n8n-io / n8n
Sources
cve.org  ·  NVD

Severity & Metrics

7.1 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
n8n-io n8n >= 2.28.0, < 2.28.1, < 2.27.4
Weakness (CWE)
CWESourceDescription
CWE-693 cna CWE-693: Protection Mechanism Failure
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.1 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
References (3)
Back to overview