PatchSiren cyber security CVE debrief

CVE-2026-54304 n8n-io CVE debrief

CVE-2026-54304 is a high-severity vulnerability in n8n, an open-source workflow automation platform. An authenticated user with permission to create or modify workflows, and with access to a SecurityScorecard credential whose allowed domains were limited, could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard API token to the outbound request, so the credential was sent to the attacker-controlled host, bypassing the limitations configured on the credential and exfiltrating it. This vulnerability is fixed in versions 1.123.55, 2.25.7, and 2.26.1. Users who rely on limited allowed domains should exercise caution when using SecurityScorecard credentials.

Vendor: n8n-io
Product: n8n
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-26
Advisory published: 2026-06-23
Advisory updated: 2026-06-26

Who should care

Users of the n8n workflow automation platform, especially those with SecurityScorecard credentials configured, should be aware of this vulnerability. Administrators and developers responsible for maintaining and securing n8n instances should prioritize patching to prevent credential exfiltration.

Technical summary

The vulnerability exists in the SecurityScorecard node of the n8n workflow automation platform. An authenticated user with permission to create or modify workflows, and with access to a domain-limited SecurityScorecard credential, could point the report download operation at a URL of their choosing, causing the node to send the SecurityScorecard API token to an attacker-controlled host. This occurs because the node attaches the API token to the outbound request without enforcing the domain limitations set on the credential. The vulnerability has a CVSS score of 7.1 and is classified as HIGH severity.
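As an added illustration (not n8n's code, and not the fix the project shipped), the kind of destination check a node should apply before attaching a domain-limited credential to an outbound request. The allow-list, function names, header format and sample URLs below are assumptions for the example.

```javascript
// Added example, not n8n code: an allow-list check applied to the outbound
// destination before a domain-limited credential is attached to the request.
// Uses the WHATWG URL class that Node.js exposes globally.

// Constructed sample: the credential is limited to this domain.
const ALLOWED_DOMAINS = ["api.securityscorecard.io"];

// True only for an https URL whose real host is one of the allowed domains or
// a subdomain of one. Parsing first means userinfo tricks such as
// "https://api.securityscorecard.io@attacker.example/" resolve to the actual
// host (attacker.example) instead of passing a naive string-prefix check.
function isDestinationAllowed(rawUrl, allowedDomains) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparseable input: never attach a credential
  }
  if (url.protocol !== "https:") return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing dot
  return allowedDomains.some((entry) => {
    const domain = entry.toLowerCase();
    return host === domain || host.endsWith("." + domain);
  });
}

// Hypothetical request builder for the report download: the API token is
// attached only after the destination passes the allow-list, so a workflow
// that points the operation at another host gets an error instead of a leak.
// The Authorization header scheme is illustrative, not SecurityScorecard's.
function buildDownloadRequest(reportUrl, apiToken, allowedDomains) {
  if (!isDestinationAllowed(reportUrl, allowedDomains)) {
    throw new Error(`credential not permitted for destination: ${reportUrl}`);
  }
  return {
    method: "GET",
    url: reportUrl,
    headers: { Authorization: `Token ${apiToken}` },
  };
}

// Demonstration with constructed values.
const req = buildDownloadRequest(
  "https://api.securityscorecard.io/reports/constructed-id",
  "PLACEHOLDER_TOKEN",
  ALLOWED_DOMAINS
);
console.log(req.url, "| attacker host allowed:",
  isDestinationAllowed("https://attacker.example/collect", ALLOWED_DOMAINS));
```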

Defensive priority

Patching is the primary recommended action. Users should update to version 1.123.55, 2.25.7, or 2.26.1 or later as soon as possible. In the interim, defenders should review and restrict workflow creation and modification permissions, and closely monitor SecurityScorecard credential usage.

Recommended defensive actions

  • Apply patches to update n8n to version 1.123.55, 2.25.7, or 2.26.1 or later.
  • Review and restrict workflow creation and modification permissions for users with access to SecurityScorecard credentials.
  • Monitor SecurityScorecard credential usage and logs for suspicious activity.
  • Consider implementing additional security measures, such as IP restrictions or stricter domain limitations for SecurityScorecard credentials.
  • Perform a thorough inventory of n8n instances and their configurations to ensure all vulnerable versions are identified and patched.

Evidence notes

The CVE record and NVD detail provide official information about the vulnerability. The source item URL from NVD provides additional context. A mitigation or vendor reference is available from the GitHub security advisory.

Official resources

This article is AI-assisted and based on the supplied source corpus.