Full Report
n8n security advisory (AV26-584)
Analysis Summary
# Vulnerability: Multiple security flaws in n8n nodes and core components
## CVE Details
*Note: CVE identifiers for the flaws in this 2026 advisory are still pending; the flaws are tracked under the GitHub Security Advisory (GHSA) identifiers below.*
- **CVE ID:** Pending (tracked as GHSA-pmqw-72cg-wx85, GHSA-2j5h-858j-5mpf, GHSA-qrx8-25qr-5r7v, GHSA-rm2v-h48j-895m)
- **CVSS Score:** High to Critical; the score differs per flaw, see the individual GHSA entries
- **CWE:** CWE-200 (Information Exposure), CWE-284 (Improper Access Control), CWE-287 (Improper Authentication)
## Affected Systems
- **Products:** n8n (Core workflow automation tool and specific nodes)
- **Versions:**
  - **Credential Exfiltration:** Multiple versions (Core)
  - **Cross-Tenant Takeover:** Multiple versions (Enterprise Edition)
  - **n8n MCP Browser:** Versions 2.25.7 to 2.26.2 (confirm the exact affected range against the GHSA entry)
  - **SecurityScorecard Node:** Multiple versions
- **Configurations:** Enterprise Edition deployments using Dynamic Credentials, and any instance using the n8n MCP Browser (n8n-nodes-mcp) or SecurityScorecard nodes.
## Vulnerability Description
This advisory covers four distinct security flaws:
1. **Credential Exfiltration:** A permission bypass in core lets a user without the required permission extract credentials stored in the instance.
2. **Cross-Tenant Credential Takeover:** A flaw in the Enterprise Edition dynamic credentials endpoint lets one tenant access or take over credentials belonging to another tenant.
3. **MCP Browser Unauthenticated Session:** The n8n MCP Browser HTTP transport does not properly authenticate sessions, so a remote attacker who can reach the transport can attach to and control a browser session without credentials.
4. **SecurityScorecard API Leak:** The SecurityScorecard node can send its API token to a host other than the SecurityScorecard API; an attacker who controls that host captures the token.
## Exploitation
- **Status:** Not exploited in the wild (reported by security researchers and internal audits)
- **Complexity:** Medium
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Full exposure of stored credentials and API tokens)
- **Integrity:** High (Ability to manipulate workflows and remote browser sessions)
- **Availability:** Medium (Potential for service disruption via session takeover)
## Remediation
### Patches
Users should upgrade to the latest stable versions of n8n that incorporate these security fixes; the first patched version of each component is listed in its GHSA entry:
- **n8n Core:** Update to the latest production release (refer to the vendor repository).
- **Nodes:** Update the individual node packages via the n8n interface or npm.
### Workarounds
- **Credential Protection:** Limit network access to the n8n instance with a VPN or IP allow-listing. This narrows who can reach the dynamic-credentials and MCP Browser endpoints but does not fix the core permission bypass for users who already have access, so treat it as a stopgap until the upgrade.
- **Node Management:** Disable the SecurityScorecard and MCP Browser nodes if they are not mission-critical until patches are applied.
## Detection
- **Indicators of compromise:** Monitor audit and reverse-proxy logs for unusual credential access patterns and for requests to the `/dynamic-credentials` endpoints from IP addresses outside the expected administrative ranges.
- **Detection methods:** Look for the SecurityScorecard API token being sent to any host outside `*.securityscorecard.com`. The token travels inside TLS, so this requires a TLS-terminating egress proxy or host-level instrumentation on the n8n host; with only passive network visibility, alert on connections (DNS or SNI) from the n8n host to destinations outside `*.securityscorecard.com` at the times the SecurityScorecard node executes.
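The two detection rules above, as an added worked example that is not part of the advisory or of n8n. It assumes a reverse proxy in front of n8n writing combined-format access logs, a TLS-terminating egress proxy that logs each outbound request with a SHA-256 of its `Authorization` header value, an admin allow-list (`ADMIN_NETWORKS`), and that the defender holds a fingerprint of their own SecurityScorecard token; the log lines, the `/rest/dynamic-credentials/...` path prefix and the sample token are constructed for the example.

```python
"""Detection example for the n8n advisory indicators (added illustration, not
from the advisory or from n8n). All inputs below are constructed samples."""
import hashlib
import ipaddress
import re

# Assumed operator inputs: networks that may legitimately reach the
# dynamic-credentials endpoints, and the SHA-256 fingerprint of the
# organisation's SecurityScorecard API token (so the raw token never has to
# appear in the detection pipeline). The token value here is made up.
ADMIN_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"), ipaddress.ip_network("192.0.2.0/24")]
TOKEN_FP = hashlib.sha256(b"ssc-example-token-0000").hexdigest()
KNOWN_TOKEN_FINGERPRINTS = {TOKEN_FP}
SCORECARD_DOMAIN = "securityscorecard.com"

# Matches the endpoint regardless of the route prefix in front of it.
SENSITIVE_PATH = re.compile(r"/dynamic-credentials(?:[/?]|$)")

# Combined-format access log from the reverse proxy (assumed log source).
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Egress proxy log, one request per line (constructed format):
#   <ts> src=<ip> dst=<host> authz_sha256=<hex-or-none>
EGRESS_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) authz_sha256=(?P<fp>\S+)$")

SAMPLE_ACCESS_LOG = [  # constructed
    '10.20.4.7 - - [03/Mar/2026:09:12:01 +0000] "GET /rest/workflows HTTP/1.1" 200 512',
    '10.20.4.7 - - [03/Mar/2026:09:12:05 +0000] "POST /rest/dynamic-credentials/abc HTTP/1.1" 200 88',
    '203.0.113.50 - - [03/Mar/2026:09:13:40 +0000] "GET /rest/dynamic-credentials/abc HTTP/1.1" 200 88',
    '203.0.113.50 - - [03/Mar/2026:09:13:41 +0000] "GET /webhook/order-intake HTTP/1.1" 200 17',
]
SAMPLE_EGRESS_LOG = [  # constructed
    f"2026-03-03T09:15:00Z src=10.20.9.3 dst=api.securityscorecard.com authz_sha256={TOKEN_FP}",
    "2026-03-03T09:15:02Z src=10.20.9.3 dst=hooks.example.net authz_sha256=none",
    f"2026-03-03T09:15:03Z src=10.20.9.3 dst=securityscorecard.com.attacker.example authz_sha256={TOKEN_FP}",
]


def ip_allowed(ip: str) -> bool:
    """True when the client address falls inside an administrative network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: treat as untrusted
    return any(addr in net for net in ADMIN_NETWORKS)


def scan_access_log(lines):
    """Dynamic-credentials endpoint hits from IPs outside the admin allow-list."""
    findings = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m or not SENSITIVE_PATH.search(m["path"]):
            continue
        if not ip_allowed(m["ip"]):
            findings.append((m["ip"], m["method"], m["path"], int(m["status"])))
    return findings


def in_scorecard_domain(host: str) -> bool:
    """Exact or subdomain match only; 'securityscorecard.com.evil.example' fails."""
    host = host.lower().rstrip(".").split(":")[0]
    return host == SCORECARD_DOMAIN or host.endswith("." + SCORECARD_DOMAIN)


def scan_egress_log(lines):
    """Requests carrying the known SecurityScorecard token to a foreign host."""
    leaks = []
    for line in lines:
        m = EGRESS_RE.match(line)
        if not m or m["fp"] not in KNOWN_TOKEN_FINGERPRINTS:
            continue
        if not in_scorecard_domain(m["dst"]):
            leaks.append((m["ts"], m["src"], m["dst"]))
    return leaks


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS_LOG):
        print("dynamic-credentials access from outside allow-list:", hit)
    for leak in scan_egress_log(SAMPLE_EGRESS_LOG):
        print("SecurityScorecard token sent to foreign host:", leak)
```

Fingerprinting the token rather than grepping for it keeps the secret out of the SIEM, and the suffix check in `in_scorecard_domain` is deliberately strict so that look-alike hosts such as `securityscorecard.com.attacker.example` or `evilsecurityscorecard.com` are flagged.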
## References
- n8n Security Advisories: hxxps[://]github[.]com/n8n-io/n8n/security
- GHSA-pmqw-72cg-wx85: hxxps[://]github[.]com/n8n-io/n8n/security/advisories/GHSA-pmqw-72cg-wx85
- GHSA-2j5h-858j-5mpf: hxxps[://]github[.]com/n8n-io/n8n/security/advisories/GHSA-2j5h-858j-5mpf
- GHSA-qrx8-25qr-5r7v: hxxps[://]github[.]com/n8n-io/n8n/security/advisories/GHSA-qrx8-25qr-5r7v
- GHSA-rm2v-h48j-895m: hxxps[://]github[.]com/n8n-io/n8n/security/advisories/GHSA-rm2v-h48j-895m
- Canadian Centre for Cyber Security (AV26-584): hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/n8n-security-advisory-av26-584