GHSA-6h4j-wcr9-2vg7: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
Summary
n8n, a workflow automation tool, had a security flaw in which its OAuth credential reconnect endpoints checked for read access to a credential instead of update access. As a result, an authenticated user with only limited (read-only) access to a shared credential could hijack it by reconnecting it to their own external account, allowing them to intercept data or take over workflows that other users depend on.
Solution / Mitigation
Upgrade to n8n version 1.123.43, 2.20.7, or 2.21.1 or later. If upgrading immediately is not possible, administrators should restrict credential sharing to fully trusted users only and audit shared credentials for unexpected OAuth token changes, revoking any tokens that may have been replaced. The advisory notes that these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Vulnerability Details
EPSS: 0.0%
May 14, 2026
Original source: https://github.com/advisories/GHSA-6h4j-wcr9-2vg7
First tracked: May 14, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 75%