n8n security advisory (AV26-628)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in n8n (AV26-628)
## CVE Details
*Note: Specific CVE IDs were not enumerated in the summary provided by the Cyber Centre; however, the advisory references four distinct security flaws (GHSA IDs).*
- **CVE ID:** Pending/See References (GHSA-h44j-f5r5-ph73, GHSA-75qm-gp28-rcq9, GHSA-mq3m-f8x3-579w, GHSA-q3j5-8vrg-4p9q)
- **CVSS Score:** Not explicitly listed (Estimated High based on "Unauthenticated Enumeration" and "Credential Leak")
- **CWE:** CWE-1321 (Prototype Pollution), CWE-200 (Information Exposure), CWE-284 (Improper Access Control)
## Affected Systems
- **Products:** n8n (Workflow Automation Tool)
- **Versions:**
  - Versions prior to 2.28.1
  - Versions prior to 2.27.4
  - Versions prior to 1.123.61
- **Configurations:** Systems using AI Agents MCP Connector, external identity issuers, or paginated HTTP requests.
## Vulnerability Description
n8n addressed four primary security flaws in this advisory:
1. **SSRF/Restriction Bypass:** A flaw in the "Allowed HTTP Request Domains" feature via the AI Agents MCP Connector, allowing requests to bypass domain restrictions.
2. **Prototype Pollution:** Vulnerability in Workflow Credentials allowing unauthenticated attackers to enumerate users and projects.
3. **Identity Resolution Flaw:** Cross-issuer token exchange vulnerability where account binding relies solely on 'Subject' identity resolution, potentially leading to account takeover.
4. **Information Disclosure:** A header leak occurring in the HTTP Request node when pagination expressions are used, potentially exposing shared credentials to unauthorized endpoints.
## Exploitation
- **Status:** PoC status not explicitly confirmed in the advisory; likely available for Prototype Pollution flaw based on GHSA details.
- **Complexity:** Low to Medium
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Credential leaks and user/project enumeration)
- **Integrity:** Medium (Account binding issues)
- **Availability:** Low
## Remediation
### Patches
Users should upgrade to one of the following fixed versions depending on their current release branch:
- **n8n v2.28.1**
- **n8n v2.27.4**
- **n8n v1.123.61**
### Workarounds
- Limit the use of AI Agents MCP Connector if not strictly required.
- Restrict network access to the n8n instance (network-level firewall or VPN) so that unauthenticated requests cannot reach it.
- Audit HTTP Request nodes that utilize pagination expressions and shared credentials.
## Detection
- **Indicators of Compromise:** Unusual enumeration patterns in web server logs (repeated hits to user/project endpoints).
- **Detection methods:** Review n8n audit logs for unauthorized "Shared Credential" access or unexpected outbound HTTP requests from the AI Agent service.
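As an added illustration of the first indicator above (this script is not part of the advisory and is not n8n's own tooling), the following Python flags source addresses that repeatedly hit user/project endpoints within a short window. It assumes the n8n instance sits behind a reverse proxy that writes combined-format access logs; the watched REST paths (`/rest/users`, `/rest/projects`), the threshold, and the sample log lines are constructed assumptions, not values from the advisory.

```python
"""Flag possible user/project enumeration in the access log in front of n8n.

Added example, not from the advisory or the n8n project. Assumptions:
combined-format access log lines, and the watched paths below are the
ones an enumeration attempt would hit. Sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed endpoints to watch (placeholder paths, not taken from the advisory).
WATCHED_PATH_RE = re.compile(r"^/rest/(users|projects)(/|\?|$)")

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_enumeration(lines, threshold=20, window=timedelta(minutes=5)):
    """Return {ip: max_hits_in_window} for sources whose hits on watched
    paths reach `threshold` inside any sliding window of length `window`."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not WATCHED_PATH_RE.match(rec["path"]):
            continue  # unparseable or not a user/project endpoint
        per_ip[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start, best = 0, 0
        for end, t in enumerate(stamps):
            # Slide the window start forward until it fits inside `window`.
            while t - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def make_sample_log():
    """Constructed sample: one source walking user IDs, one normal user."""
    lines = []
    for i in range(25):
        lines.append(
            f'203.0.113.7 - - [10/Mar/2026:12:00:{i:02d} +0000] '
            f'"GET /rest/users/{1000 + i} HTTP/1.1" 401 87 "-" "curl/8.5.0"'
        )
    lines.append('198.51.100.5 - - [10/Mar/2026:12:01:10 +0000] '
                 '"GET /rest/projects HTTP/1.1" 200 512 "-" "Mozilla/5.0"')
    lines.append('198.51.100.5 - - [10/Mar/2026:12:02:15 +0000] '
                 '"GET /rest/workflows HTTP/1.1" 200 2048 "-" "Mozilla/5.0"')
    lines.append("not a log line")  # exercises the parse failure path
    return lines


if __name__ == "__main__":
    for ip, hits in find_enumeration(make_sample_log()).items():
        print(f"possible enumeration from {ip}: {hits} hits on watched paths")
```

Tune `threshold` and `window` to the instance's normal traffic before alerting on it; the sliding window is per source address, so a distributed probe spread across many addresses will need a second aggregation (for example by user-agent or by the set of IDs requested) that this example does not attempt.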
## References
- hXXps://github[.]com/n8n-io/n8n/security/advisories/GHSA-h44j-f5r5-ph73
- hXXps://github[.]com/n8n-io/n8n/security/advisories/GHSA-75qm-gp28-rcq9
- hXXps://github[.]com/n8n-io/n8n/security/advisories/GHSA-mq3m-f8x3-579w
- hXXps://github[.]com/n8n-io/n8n/security/advisories/GHSA-q3j5-8vrg-4p9q
- hXXps://www[.]cyber[.]gc[.]ca/en/alerts-advisories/n8n-security-advisory-av26-628