Full Report
n8n security advisory (AV26-672)
Analysis Summary
# Vulnerability: Multiple Vulnerabilities in n8n Workflow Automation
## CVE Details
*Note: The provided advisory references a collection of security updates; specific CVE identifiers were not enumerated in the source summary. Users should consult the vendor's security page for individual mapping.*
- **CVE ID:** Pending/Multiple (Refer to n8n Security GitHub)
- **CVSS Score:** Untriaged (Assumed High based on advisory priority)
- **CWE:** Not specified
## Affected Systems
- **Products:** n8n (Workflow Automation Tool)
- **Versions:**
- Versions prior to 1.123.64
- Versions prior to 2.30.1
- Versions prior to 2.29.8
- **Configurations:** All standard installations of the affected versions.
## Vulnerability Description
While the specific technical floor was not detailed in the summary bulletin AV26-672, these updates typically address critical flaws such as **Insecure Direct Object References (IDOR)**, **Remote Code Execution (RCE)** within workflow nodes, or **Credential Exposure**. Based on the versioning, the flaws likely reside in the core orchestration engine or the handling of environment variables.
## Exploitation
- **Status:** PoC availability unknown; no reports of exploitation in the wild mentioned in notice.
- **Complexity:** Undetermined
- **Attack Vector:** Network (typically via the Web UI or API endpoints)
## Impact
- **Confidentiality:** Potential for High (Access to automation credentials/secrets)
- **Integrity:** Potential for High (Unauthorized workflow modification)
- **Availability:** Potential for Medium to High
## Remediation
### Patches
The vendor recommends upgrading to the following versions immediately:
- **n8n v1.123.64**
- **n8n v2.30.1**
- **n8n v2.29.8**
### Workarounds
- Ensure the n8n instance is locked behind a VPN or robust Firewall.
- Disable user registration if the instance is public-facing.
- Restrict access to the `/rest/` API endpoints through a reverse proxy (e.g., Nginx).
## Detection
- Monitor access logs for unusual spikes in requests to `/rest/users` or `/rest/workflows`.
- Audit execution logs for unauthorized workflow triggers or changes to sensitive environment variables.
- Check for unauthorized administrative accounts in the user management settings.
## References
- n8n Security GitHub: hxxps[://]github[.]com/n8n-io/n8n/security
- Canadian Centre for Cyber Security Advisory: hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/n8n-security-advisory-av26-672