PatchSiren cyber security CVE debrief
CVE-2026-45732 n8n-io CVE debrief
CVE-2026-45732 is a high-severity vulnerability in n8n, an open-source workflow automation platform. The vulnerability affects OAuth1 and OAuth2 credential reconnect endpoints, allowing an authenticated user with read-only access to a shared credential to initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control. This could lead to data exfiltration to attacker-controlled external services and persistent takeover of shared integrations. The vulnerability is fixed in versions 1.123.43, 2.22.1, and 2.20.7. Users should update to these versions to mitigate the vulnerability.
- Vendor
- n8n-io
- Product
- n8n
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-23
- Original CVE updated
- 2026-06-26
- Advisory published
- 2026-06-23
- Advisory updated
- 2026-06-26
Who should care
Security teams and administrators responsible for n8n workflow automation platforms should be aware of this vulnerability. Specifically, those who use OAuth1 and OAuth2 credentials for authentication and authorization should take immediate action to update to the patched versions. Additionally, teams using shared credentials or integrations with external services should be cautious of potential data exfiltration and takeover risks.
Technical summary
The vulnerability exists in the OAuth1 and OAuth2 credential reconnect endpoints of n8n, allowing an authenticated user with read-only access to a shared credential to initiate an OAuth reconnect flow. This flow can be exploited to overwrite the stored token material for that credential with tokens bound to an external account controlled by the attacker. As a result, workflows relying on the affected credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of shared integrations. The CVSS score for this vulnerability is 8.3, indicating a high severity level.
Defensive priority
High priority should be given to updating n8n to versions 1.123.43, 2.22.1, or 2.20.7, as applicable. Additionally, defenders should review and monitor their n8n workflows and integrations for any suspicious activity, especially those using OAuth1 and OAuth2 credentials.
Recommended defensive actions
- Update n8n to version 1.123.43, 2.22.1, or 2.20.7, as applicable.
- Review and monitor n8n workflows and integrations for suspicious activity, especially those using OAuth1 and OAuth2 credentials.
- Implement additional logging and monitoring to detect potential data exfiltration and takeover attempts.
- Consider implementing compensating controls, such as restricting access to sensitive workflows and integrations.
- Verify that all shared credentials and integrations are properly secured and monitored.
Evidence notes
The CVE-2026-45732 vulnerability was publicly disclosed on June 23, 2026, and the NVD record was last modified on June 26, 2026. The vulnerability affects n8n versions prior to 1.123.43, 2.22.1, and 2.20.7. The CVSS score for this vulnerability is 8.3, indicating a high severity level. The CWE-639 weakness is associated with this vulnerability.
Official resources
-
CVE-2026-45732 CVE record
CVE.org
-
CVE-2026-45732 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory
This article is AI-assisted and based on the supplied source corpus.