CVE-2026-59208
n8n-io · n8n
The n8n workflow automation platform contains vulnerabilities related to improper authentication and origin validation, which may allow an authenticated user to perform unauthorized actions.
Executive summary
An improper authentication and origin validation vulnerability in n8n allows authenticated users to compromise the integrity of workflow automation processes.
Vulnerability
The vulnerability stems from improper authentication (CWE-287) and origin validation errors (CWE-346). An authenticated attacker can exploit these flaws to bypass security checks and interfere with workflow execution, potentially leading to unauthorized data manipulation within the automation environment.
Business impact
With a CVSS score of 7.6, this vulnerability represents a significant risk to the reliability and security of automated business workflows. Successful exploitation could allow attackers to alter critical business processes, exfiltrate data processed by n8n, or manipulate downstream systems integrated with the platform, leading to potential operational disruption and data integrity loss.
Remediation
Immediate Action: Update n8n instances to version 2.28.1 or 2.27.4 (or the latest available release) to ensure authentication and origin validation checks are correctly enforced.
Proactive Monitoring: Monitor workflow execution logs for unexpected modifications or unauthorized access patterns that deviate from standard operational baselines.
Compensating Controls: Restrict access to the n8n dashboard via IP allowlisting or VPN requirements, and ensure that only trusted origins are permitted to communicate with the n8n API.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the central role of n8n in managing sensitive business automation, the identified authentication and origin validation flaws must be addressed urgently. Organizations should immediately verify their current version and apply the recommended patches to prevent potential unauthorized manipulation of critical workflows.