{"data":{"id":"22400c18-8d7c-40dc-875d-586c0c12abf9","title":"GHSA-rm2v-h48j-895m: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host","summary":"An authenticated user in n8n (a workflow automation platform) could trick the SecurityScorecard node (a component that connects to SecurityScorecard's API) into sending an API token (a credential for accessing the service) to an attacker-controlled server by configuring the node to download reports from a malicious URL, bypassing the restrictions meant to limit where credentials can be sent. This allows the attacker to steal the API token and use it themselves.","solution":"The issue has been fixed in n8n versions 1.123.55, 2.25.7, and 2.26.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators can temporarily: limit workflow creation and editing permissions to fully trusted users only, or disable the SecurityScorecard node by adding `n8n-nodes-base.securityScorecard` to the `NODES_EXCLUDE` environment variable.\nThe source notes these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-rm2v-h48j-895m","publishedAt":"2026-06-16T23:34:10.000Z","cveId":"CVE-2026-54304","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.0.0-rc.0, < 2.25.7 (fixed: 2.25.7)","n8n@>= 2.26.0, < 2.26.1 (fixed: 2.26.1)","n8n@< 1.123.55 (fixed: 1.123.55)"],"affectedVendors":[],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-16T23:34:10.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}