PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54305 n8n-io CVE debrief

CVE-2026-54305 is a high-severity vulnerability in n8n's Dynamic Credentials feature. Prior to versions 1.123.55, 2.25.7, and 2.26.2, three EE endpoints accepted any authenticated n8n session without performing per-resource ownership or scope checks. This allowed an authenticated user to enumerate credential identifiers, names, and types referenced by any private workflow, initiate an OAuth authorization flow against another user's credential, or revoke another user's stored credential tokens. Workflows relying on a hijacked credential would execute under the attacker's OAuth identity, enabling data exfiltration and persistent takeover of integrations. This vulnerability is fixed in versions 1.123.55, 2.25.7, and 2.26.2.

Vendor: n8n-io
Product: n8n
CVSS: HIGH 8.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-26
Advisory published: 2026-06-23
Advisory updated: 2026-06-26

Who should care

Users of n8n's Dynamic Credentials feature, especially those with private workflows and credentials, should be aware of this vulnerability. Authenticated users with no project membership or credential sharing relationship could exploit this vulnerability to access sensitive information or disrupt workflows. Administrators of n8n instances should prioritize patching to versions 1.123.55, 2.25.7, or 2.26.2 to prevent potential attacks.

Technical summary

The vulnerability exists in three EE endpoints used by the Dynamic Credentials feature in n8n. These endpoints failed to perform proper ownership or scope checks on target workflows or credentials. An authenticated user could exploit this by enumerating credential identifiers, initiating an OAuth authorization flow to overwrite stored tokens, or revoking credential tokens of other users. This could lead to data exfiltration, persistent takeover of integrations, and disruption of workflows. The CVSS score for this vulnerability is 8.9, indicating a high severity.
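To make the root cause concrete, here is an added toy example (not n8n's code, and not a reproduction of the affected endpoints): a credential service with the authorization gap described above, session verified but per-resource ownership not, beside the scope check that closes it. All types, user names and records are constructed for the illustration.

```typescript
// Constructed example; every name and record is made up and none of this is n8n's code.
type Session = { userId: string };
type Credential = { id: string; name: string; type: string; ownerId: string; sharedWith: string[]; token: string | null };
type Workflow = { id: string; ownerId: string; credentialIds: string[] };
type Store = { credentials: Map<string, Credential>; workflows: Map<string, Workflow> };
class AuthzError extends Error {}
// Fresh sample data per call so the revoke handlers' mutations do not leak between scenarios.
function makeStore(): Store {
  return {
    credentials: new Map<string, Credential>([
      ["cred-1", { id: "cred-1", name: "Slack prod", type: "slackOAuth2Api", ownerId: "alice", sharedWith: [], token: "tok-a" }],
      ["cred-2", { id: "cred-2", name: "GitHub bot", type: "githubOAuth2Api", ownerId: "bob", sharedWith: ["alice"], token: "tok-b" }],
    ]),
    workflows: new Map<string, Workflow>([["wf-1", { id: "wf-1", ownerId: "alice", credentialIds: ["cred-1", "cred-2"] }]]),
  };
}
// Scope rule for one credential: its owner, or a user it is explicitly shared with.
function hasCredentialScope(s: Session, c: Credential): boolean {
  return c.ownerId === s.userId || c.sharedWith.includes(s.userId);
}
// Enumeration response per credential: id, name and type only, never the token.
function summarize(store: Store, ids: string[]): { id: string; name: string; type: string }[] {
  return ids.flatMap((id) => { const c = store.credentials.get(id); return c ? [{ id: c.id, name: c.name, type: c.type }] : []; });
}
// Vulnerable pattern: any authenticated session may enumerate the credentials of any workflow.
function listWorkflowCredentialsVulnerable(store: Store, s: Session, wfId: string) {
  const wf = store.workflows.get(wfId);
  if (!wf) throw new AuthzError("not found");
  return summarize(store, wf.credentialIds);
}
// Fixed: the workflow must belong to the caller. Missing and forbidden both answer "not found",
// so the endpoint does not confirm which workflow ids exist.
function listWorkflowCredentialsFixed(store: Store, s: Session, wfId: string) {
  const wf = store.workflows.get(wfId);
  if (!wf || wf.ownerId !== s.userId) throw new AuthzError("not found");
  return summarize(store, wf.credentialIds);
}
// Vulnerable revocation: the session is checked upstream, the credential's owner is not.
function revokeTokenVulnerable(store: Store, s: Session, credId: string): void {
  const c = store.credentials.get(credId);
  if (!c) throw new AuthzError("not found");
  c.token = null;
}
// Fixed revocation: the caller must be in scope for that specific credential.
function revokeTokenFixed(store: Store, s: Session, credId: string): void {
  const c = store.credentials.get(credId);
  if (!c || !hasCredentialScope(s, c)) throw new AuthzError("not found");
  c.token = null;
}
```

The same per-resource check belongs in front of the OAuth authorization flow as well, since that path overwrites the stored token rather than clearing it.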

Defensive priority

High priority should be given to patching n8n instances to versions 1.123.55, 2.25.7, or 2.26.2. In the meantime, defenders should monitor for suspicious activity related to credential usage and OAuth authorization flows.

Recommended defensive actions

  • Patch n8n instances to versions 1.123.55, 2.25.7, or 2.26.2.
  • Monitor for suspicious activity related to credential usage and OAuth authorization flows.
  • Review and update workflows that rely on Dynamic Credentials.
  • Implement additional monitoring and logging for credential-related events.
  • Consider temporarily disabling the Dynamic Credentials feature if patching is not immediately feasible.

Evidence notes

The CVE record and NVD detail provide official information about the vulnerability. A security advisory from GitHub (GHSA-2j5h-858j-5mpf) offers mitigation and vendor information. The vulnerability has been analyzed and carries a CVSS score of 8.9.

Official resources

This article is AI-assisted and based on the supplied source corpus.