CVE-2026-56348
n8n · n8n
n8n contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint allowing authenticated users to bypass HTTP request domain restrictions.
Executive summary
A critical credential exfiltration vulnerability in n8n allows authenticated attackers to bypass security restrictions and exfiltrate sensitive authentication data to unauthorized hosts.
Vulnerability
This vulnerability is a flaw in the POST /rest/dynamic-node-parameters/options endpoint that lets authenticated users bypass the Allowed HTTP Request Domains restriction. By crafting malicious requests, an attacker can force the server to transmit credentials to external, unauthorized servers.
Business impact
The ability to exfiltrate sensitive credentials poses a severe risk to organizational security, potentially leading to full account takeover and unauthorized access to integrated downstream systems. With a CVSS score of 9.1, this vulnerability is classified as critical: it undermines the core trust boundaries of the n8n automation platform.
Remediation
Immediate Action: Upgrade the n8n instance to version 2.20.0 or later to resolve the endpoint validation flaw.
Proactive Monitoring: Review web server and application access logs for suspicious POST requests to the /rest/dynamic-node-parameters/options endpoint originating from non-authorized internal users.
Compensating Controls: Implement strict egress filtering on the n8n server to prevent unauthorized outbound connections to untrusted domains.
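One way to carry out the log review described under Proactive Monitoring, as an added example that is not part of the advisory or of n8n itself. It assumes a reverse proxy in front of n8n writing combined-format access logs; the EDITOR_NETWORKS allowlist, the function names and the sample lines are hypothetical and must be adapted to the environment.

```python
import ipaddress
import re
from collections import defaultdict

ENDPOINT = "/rest/dynamic-node-parameters/options"

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: networks from which workflow editors are expected to connect.
EDITOR_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]

def is_expected_source(ip, networks=EDITOR_NETWORKS):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable client field: treat as unexpected
    return any(addr in net for net in networks)

def find_suspicious_posts(lines, networks=EDITOR_NETWORKS):
    """Map client IP -> [(timestamp, status)] for POSTs to ENDPOINT from unexpected sources."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore query string and trailing slash when comparing the path.
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path != ENDPOINT:
            continue
        if not is_expected_source(m["ip"], networks):
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = [
    '10.20.0.15 - - [12/Mar/2026:09:14:02 +0000] "POST /rest/dynamic-node-parameters/options HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.30.4.77 - - [12/Mar/2026:09:15:40 +0000] "POST /rest/dynamic-node-parameters/options HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '10.30.4.77 - - [12/Mar/2026:09:15:41 +0000] "POST /rest/dynamic-node-parameters/options?x=1 HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '10.30.4.77 - - [12/Mar/2026:09:16:00 +0000] "GET /rest/workflows HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_suspicious_posts(SAMPLE_LOG).items():
        print(f"{ip}: {len(events)} POST(s) to {ENDPOINT}, first at {events[0][0]}")
```

Hits from this review are leads to correlate with egress or firewall logs for outbound connections made by the n8n server around the same timestamps.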
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a significant security risk to any automation workflow relying on n8n. Administrators must prioritize patching this flaw immediately to prevent the potential leakage of high-privilege credentials used in workflow integrations.