{"data":{"id":"890bde78-7142-480f-912f-4fabe278c0e3","title":"GHSA-vpgc-2f6g-7w7x: n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK","summary":"n8n versions with `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` set to true have an authorization bypass vulnerability where attackers can trick users into connecting their OAuth tokens (credentials used for third-party authentication) to attacker-controlled accounts, allowing the attacker to run workflows with those stolen credentials. This only affects instances where this setting is explicitly enabled, which is not the default configuration.","solution":"The issue has been fixed in n8n version 2.8.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should avoid enabling `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true` unless strictly required and restrict access to the n8n instance to fully trusted users only (though these workarounds do not fully remediate the risk and should only be used as short-term measures).","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-vpgc-2f6g-7w7x","publishedAt":"2026-03-25T21:57:55.000Z","cveId":"CVE-2026-33720","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["n8n@< 2.8.0 (fixed: 2.8.0)"],"affectedVendors":[],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-03-25T21:57:55.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}