PatchSiren cyber security CVE debrief
CVE-2026-59253 n8n CVE debrief
CVE-2026-59253 is an improper authorization vulnerability in n8n before 2.28.0. Authenticated users can assign workflows to folders in other projects by supplying crafted request payloads during workflow creation. This causes logical integrity violations in target project folder structures. The vulnerability allows attackers to bypass project and folder authorization boundaries, potentially leading to unauthorized access or modifications. Users of n8n should be aware of this vulnerability and take steps to mitigate it.
- Vendor
- n8n
- Product
- Unknown
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-08
Who should care
Users of n8n before version 2.28.0 should be aware of this vulnerability and take steps to mitigate it. This includes administrators of n8n instances who need to ensure that their instances are updated to version 2.28.0 or later. Additionally, operators, platform administrators, and security teams who manage n8n deployments should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability exists in the workflow assignment feature of n8n. An authenticated user can bypass project and folder authorization boundaries by providing a crafted request payload during workflow creation. This allows the user to assign workflows to folders in other projects, potentially leading to unauthorized access or modifications. The affected product is n8n before version 2.28.0. Defenders should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
Defensive priority
Medium
Recommended defensive actions
- Update n8n to version 2.28.0 or later
- Review and restrict workflow assignment permissions for authenticated users
- Monitor for suspicious workflow assignment activities
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-07-08T14:17:20.683Z and has not been modified since then. The NVD entry is currently Analyzed. This information is based on the provided source corpus. However, the source detail is limited, and defenders should verify the affected scope and severity with the official CVE record and NVD entry. The vulnerability exists in n8n before version 2.28.0, and authenticated users can assign workflows to folders in other projects by supplying crafted request payloads during workflow creation.
Official resources
-
CVE-2026-59253 CVE record
CVE.org
-
CVE-2026-59253 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T14:17:20.683Z and has not been modified since then. The NVD entry is currently Analyzed.