{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/n8n--1.123.43/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["n8n (\u003c 1.123.43)","n8n (\u003e= 2.21.0, \u003c 2.21.1)","n8n (\u003e= 2.0.0-rc.0, \u003c 2.20.7)"],"_cs_severities":["high"],"_cs_tags":["authorization-bypass","oauth","credential-theft"],"_cs_type":"advisory","_cs_vendors":["n8n GmbH"],"content_html":"\u003cp\u003eA cross-user authorization bypass vulnerability exists in n8n\u0026rsquo;s Dynamic Credential OAuth endpoints. Specifically, the OAuth1 and OAuth2 credential reconnect endpoints incorrectly authorized access using \u003ccode\u003ecredential:read\u003c/code\u003e instead of the necessary \u003ccode\u003ecredential:update\u003c/code\u003e permission. This flaw allows an authenticated user with only read-only access to a shared credential to initiate an OAuth reconnect flow. By doing so, the attacker can overwrite the stored token material for the credential with tokens bound to an external account under their control. This can lead to workflows relying on the compromised credential executing under the attacker\u0026rsquo;s OAuth identity. The issue affects n8n versions before 1.123.43, versions between 2.0.0-rc.0 and 2.20.7, and versions between 2.21.0 and 2.21.1.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains access to an n8n instance with shared credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a shared credential to which they have read-only access.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the OAuth1 or OAuth2 credential reconnect endpoint for the target credential.\u003c/li\u003e\n\u003cli\u003eDue to the authorization bypass (CVE-2026-45732), the attacker is able to initiate an OAuth reconnect flow despite lacking update permissions.\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates with their own external OAuth provider account.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s OAuth tokens are used to overwrite the existing tokens for the shared credential.\u003c/li\u003e\n\u003cli\u003eWorkflows using the shared credential now execute under the attacker\u0026rsquo;s OAuth identity.\u003c/li\u003e\n\u003cli\u003eThe attacker can exfiltrate data to attacker-controlled external services or maintain persistent access to shared integrations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-45732) allows an attacker to overwrite OAuth tokens in shared credentials, leading to data exfiltration to attacker-controlled external services. This can result in persistent takeover of shared integrations, potentially impacting multiple users or projects that rely on the compromised credential. The affected instances are those where credentials are shared with other users or across projects, creating a significant risk of unauthorized access and data breaches.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 1.123.43, 2.20.7, 2.21.1, or later to remediate CVE-2026-45732 as advised in the advisory.\u003c/li\u003e\n\u003cli\u003eIf immediate upgrade is not possible, restrict credential sharing to fully trusted users as a temporary mitigation.\u003c/li\u003e\n\u003cli\u003eAudit shared credentials for unexpected OAuth token changes and revoke any tokens that may have been replaced as an additional short-term measure.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T16:25:42Z","date_published":"2026-05-14T16:25:42Z","id":"https://feed.craftedsignal.io/briefs/2026-05-n8n-oauth-bypass/","summary":"CVE-2026-45732 describes a high-severity authorization bypass vulnerability in n8n's OAuth1 and OAuth2 credential reconnect endpoints, where insufficient permission checks allow a user with read-only access to overwrite OAuth tokens, potentially leading to data exfiltration and persistent takeover of shared integrations.","title":"n8n Cross-User Authorization Bypass in Dynamic Credential OAuth Endpoints (CVE-2026-45732)","url":"https://feed.craftedsignal.io/briefs/2026-05-n8n-oauth-bypass/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["n8n (\u003c 1.123.43)","n8n (\u003e= 2.21.0, \u003c 2.22.1)","n8n (\u003e= 2.0.0-rc.0, \u003c 2.20.7)"],"_cs_severities":["critical"],"_cs_tags":["arbitrary file read","n8n","git node","CVE-2026-44790"],"_cs_type":"advisory","_cs_vendors":["n8n GmbH"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-44790, exists within the n8n workflow automation platform. The vulnerability resides in the Git node\u0026rsquo;s Push operation, where an authenticated user with permissions to create or modify workflows can inject arbitrary CLI flags. This injection allows the attacker to read arbitrary files from the n8n server\u0026rsquo;s file system. Successful exploitation can lead to complete compromise of the n8n instance, including access to sensitive data stored on the server, such as credentials, API keys, and internal configuration files. Patches have been released in n8n versions 1.123.43, 2.20.7, and 2.22.1 to address this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains authenticated access to an n8n instance.\u003c/li\u003e\n\u003cli\u003eThe attacker obtains permissions to create or modify workflows within n8n.\u003c/li\u003e\n\u003cli\u003eThe attacker creates or modifies a workflow to include the Git node.\u003c/li\u003e\n\u003cli\u003eWithin the Git node\u0026rsquo;s configuration, specifically the Push operation, the attacker injects malicious CLI flags. These flags are crafted to read arbitrary files from the server\u0026rsquo;s file system (e.g., using \u003ccode\u003egit --help\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe workflow is executed, and the Git node attempts to perform the Push operation with the injected flags.\u003c/li\u003e\n\u003cli\u003eDue to the flag injection, the Git command executes with the attacker-supplied arguments.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the contents of the targeted file, which may contain sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the stolen information to further compromise the n8n instance or connected systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-44790 allows an attacker to read arbitrary files from the n8n server. This can expose sensitive information such as API keys, credentials, configuration files, and other internal data. A successful attack could lead to full compromise of the n8n instance and potentially impact connected systems and data. The severity of the impact is critical due to the potential for complete system takeover and sensitive data exposure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 1.123.43, 2.20.7, 2.22.1, or later to patch CVE-2026-44790 as mentioned in the advisory.\u003c/li\u003e\n\u003cli\u003eLimit workflow creation and editing permissions to only fully trusted users as a short-term workaround.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect n8n Git Node CLI Injection\u003c/code\u003e to identify potential exploitation attempts by monitoring process execution with suspicious Git commands.\u003c/li\u003e\n\u003cli\u003eMonitor n8n application logs for Git node operations involving unusual command-line arguments, focusing on commands that attempt to read files outside the intended Git repository.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T16:23:03Z","date_published":"2026-05-14T16:23:03Z","id":"https://feed.craftedsignal.io/briefs/2026-05-n8n-file-read/","summary":"An authenticated user with workflow creation or modification permissions can inject CLI flags into the Git node's Push operation, leading to arbitrary file read on the n8n server; patched in versions 1.123.43, 2.20.7, and 2.22.1, and tracked as CVE-2026-44790.","title":"n8n Arbitrary File Read via Git Node (CVE-2026-44790)","url":"https://feed.craftedsignal.io/briefs/2026-05-n8n-file-read/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["n8n (\u003c 1.123.43)","n8n (\u003e= 2.21.0, \u003c 2.22.1)","n8n (\u003e= 2.0.0-rc.0, \u003c 2.20.7)"],"_cs_severities":["critical"],"_cs_tags":["prototype pollution","RCE","n8n","CVE-2026-44791"],"_cs_type":"advisory","_cs_vendors":["n8n GmbH"],"content_html":"\u003cp\u003eAn authenticated user with permission to create or modify workflows can bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node of n8n, a workflow automation platform. This vulnerability, identified as CVE-2026-44791, allows for prototype pollution. Successful exploitation, when chained with other nodes, can lead to remote code execution (RCE) on the n8n host. The affected versions include n8n versions prior to 1.123.43, versions 2.21.0 to 2.22.1 (excluding 2.22.1), and versions 2.0.0-rc.0 to 2.20.7 (excluding 2.20.7). This vulnerability matters to defenders because it allows attackers to gain complete control over the n8n instance, potentially compromising sensitive data and enabling further malicious activities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains authenticated access to an n8n instance with workflow creation and modification privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious workflow that includes the XML node.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits CVE-2026-44791, bypassing the patch for GHSA-hqr4-h3xv-9m3r by manipulating XML node parameters to inject a prototype pollution payload.\u003c/li\u003e\n\u003cli\u003eThe prototype pollution modifies JavaScript object prototypes within the n8n environment.\u003c/li\u003e\n\u003cli\u003eThe attacker chains the XML node with other nodes in the workflow (e.g., Function node, Execute Command node).\u003c/li\u003e\n\u003cli\u003eThe polluted prototypes are leveraged by the subsequent nodes to execute arbitrary JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe arbitrary code execution allows the attacker to execute system commands on the n8n host.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves remote code execution (RCE), gaining control of the n8n host and potentially compromising the underlying system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-44791 allows an attacker to achieve remote code execution on the n8n host. This could lead to the complete compromise of the n8n instance, potentially affecting all workflows and data managed by the platform. The attacker could potentially access sensitive information, modify workflows for malicious purposes, or use the compromised host as a pivot point for further attacks within the network. The vulnerability affects n8n instances running vulnerable versions prior to the patched versions, impacting any organization using n8n for workflow automation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 1.123.43, 2.20.7, or 2.22.1 or later to remediate CVE-2026-44791, as mentioned in the overview.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect n8n XML Node Prototype Pollution Attempt\u0026rdquo; to identify suspicious workflow creations involving the XML node, as described in the rules section.\u003c/li\u003e\n\u003cli\u003eIf immediate upgrade is not possible, implement the suggested workarounds by limiting workflow creation/editing permissions or disabling the XML node via the \u003ccode\u003eNODES_EXCLUDE\u003c/code\u003e environment variable, as detailed in the overview section.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T16:22:47Z","date_published":"2026-05-14T16:22:47Z","id":"https://feed.craftedsignal.io/briefs/2026-05-n8n-xml-prototype-bypass/","summary":"An authenticated n8n user with workflow creation privileges can bypass a previous patch for XML node prototype pollution, potentially leading to remote code execution on the n8n host when combined with other nodes; patched in versions 1.123.43, 2.20.7, and 2.22.1.","title":"n8n XML Node Prototype Pollution Patch Bypass Leads to RCE","url":"https://feed.craftedsignal.io/briefs/2026-05-n8n-xml-prototype-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — N8n (\u003c 1.123.43)","version":"https://jsonfeed.org/version/1.1"}