GHSA-m63j-689w-3j35: n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition
Summary
n8n Community Edition has a security flaw where authenticated users with basic permissions can steal plaintext secrets from other users' HTTP credentials (like basic auth or header auth) by exploiting flaws in how credentials are looked up and validated. This happens because the system doesn't properly check who owns a credential and skips security checks for generic HTTP credential types, though this only affects Community Edition and not the paid Enterprise version.
Solution / Mitigation
Upgrade to n8n version 1.123.27, 2.13.3, or 2.14.1 or later. If upgrading is not immediately possible, administrators should restrict instance access to fully trusted users only and audit stored credentials to rotate any generic HTTP credentials (`httpBasicAuth`, `httpHeaderAuth`, `httpQueryAuth`) that may have been exposed, though these workarounds do not fully remediate the risk.
Vulnerability Details
EPSS: 0.0%
Yes
March 25, 2026
Classification
Taxonomy References
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-m63j-689w-3j35
First tracked: March 25, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%