PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59253 n8n CVE debrief

CVE-2026-59253 is an improper authorization vulnerability in n8n before 2.28.0. Authenticated users can assign workflows to folders in other projects by supplying crafted request payloads during workflow creation. This causes logical integrity violations in target project folder structures. The vulnerability allows attackers to bypass project and folder authorization boundaries, potentially leading to unauthorized access or modifications. Users of n8n should be aware of this vulnerability and take steps to mitigate it.

Vendor
n8n
Product
Unknown
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-08
Advisory published
2026-07-08
Advisory updated
2026-07-08

Who should care

Users of n8n before version 2.28.0 should be aware of this vulnerability and take steps to mitigate it. This includes administrators of n8n instances who need to ensure that their instances are updated to version 2.28.0 or later. Additionally, operators, platform administrators, and security teams who manage n8n deployments should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The vulnerability exists in the workflow assignment feature of n8n. An authenticated user can bypass project and folder authorization boundaries by providing a crafted request payload during workflow creation. This allows the user to assign workflows to folders in other projects, potentially leading to unauthorized access or modifications. The affected product is n8n before version 2.28.0. Defenders should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.

Defensive priority

Medium

Recommended defensive actions

  • Update n8n to version 2.28.0 or later
  • Review and restrict workflow assignment permissions for authenticated users
  • Monitor for suspicious workflow assignment activities
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-07-08T14:17:20.683Z and has not been modified since then. The NVD entry is currently Analyzed. This information is based on the provided source corpus. However, the source detail is limited, and defenders should verify the affected scope and severity with the official CVE record and NVD entry. The vulnerability exists in n8n before version 2.28.0, and authenticated users can assign workflows to folders in other projects by supplying crafted request payloads during workflow creation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T14:17:20.683Z and has not been modified since then. The NVD entry is currently Analyzed.