CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

NCSC-2026-0212 [1.00] [M/H] Vulnerabilities fixed in n8n workflow automation platform

unknownCVE-2026-54301CVE-2026-54302CVE-2026-54304CVE-2026-54305CVE-2026-54306CVE-2026-54307
n8n has fixed multiple vulnerabilities in the n8n workflow automation platform, specifically in versions prior to 1.123.55, 2.24.0, 2.25.7, 2.26.1, and 2.26.2. The vulnerabilities affect various components of the n8n platform. Authenticated users with workflow editing rights can bypass Content-Security-Policy (CSP) via the Respond to Webhook node and inject JavaScript via the Chat Trigger node. Furthermore, they can exfiltrate API tokens via the SecurityScorecard node and access, overwrite, or revoke credentials of other users via the Dynamic Credentials feature. Users with editor access to shared workflows can view others' credentials due to insufficient ownership checks. Unauthenticated attackers can submit false payloads via the MicrosoftAgent365Trigger and StripeTrigger nodes, leading to the execution of workflows with malicious data.

CSIRTS triage

vendor: n8nproduct: n8nAuthentication bypassOtheraffected: prior to 1.123.55, 2.24.0, 2.25.7, 2.26.1, and 2.26.2
What
Authenticated users can bypass security policies and exfiltrate sensitive data through various nodes.
Who is affected
Authenticated users with workflow editing rights in n8n versions prior to the specified versions.
Urgency
Remediation is urgent due to the risk of data exfiltration and unauthorized access to credentials.
Action
Upgrade to the specified versions of n8n to address these vulnerabilities.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch n8n

Get an email when a new n8n advisory drops — max one per day, one-click unsubscribe.

Details

Source
NCSC-NL Advisories (NL · national-cert · site)
Severity
unknown
Published
2026-06-29
Exploitation
Not in CISA KEV at last sync
Language
Machine-translated to English — verify against the original

Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0212

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-54301coverage & exploitation statusNVD · CVE.org
CVE-2026-54302coverage & exploitation statusNVD · CVE.org
CVE-2026-54304coverage & exploitation statusNVD · CVE.org
CVE-2026-54305coverage & exploitation statusNVD · CVE.org
CVE-2026-54306coverage & exploitation statusNVD · CVE.org
CVE-2026-54307coverage & exploitation statusNVD · CVE.org
CVE-2026-54308coverage & exploitation statusNVD · CVE.org
CVE-2026-54309coverage & exploitation statusNVD · CVE.org
CVE-2026-54310coverage & exploitation statusNVD · CVE.org
CVE-2026-54311coverage & exploitation statusNVD · CVE.org
CVE-2026-54312coverage & exploitation statusNVD · CVE.org
CVE-2026-54313coverage & exploitation statusNVD · CVE.org
CVE-2026-54314coverage & exploitation statusNVD · CVE.org
CVE-2026-54303coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

Recent advisories for n8n workflow automation

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from NCSC-NL Advisories