GHSA-c545-x2rh-82fc: n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
Summary
n8n (a workflow automation platform) contained a flaw in its LDAP authentication (LDAP being a directory protocol used for user identity management): when an LDAP user signed in, n8n automatically linked that LDAP identity to any existing local account whose email address matched. A user who could edit their own LDAP email attribute could set it to an administrator's address, sign in, and gain full access to the administrator's account; because the link was stored, the access persisted even after the email attribute was changed back. Only n8n instances with LDAP authentication enabled are affected.
Solution / Mitigation
The issue is fixed in n8n versions 2.4.0 and 1.121.0; users should upgrade to one of these versions or later. If upgrading immediately is not possible, administrators can temporarily disable LDAP authentication, restrict LDAP directory permissions so users cannot modify their own email attributes, or audit existing LDAP-linked accounts for unexpected associations. The source notes that these workarounds do not fully remediate the risk and should be treated only as short-term measures.
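The following is an added illustration, not n8n's own code and not taken from the advisory. It models the linking behaviour described above (an unbound LDAP identity attached to whichever local account shares its email, with the binding then persisting) beside a hardened variant that resolves only by a stable directory identifier and refuses to attach a new LDAP identity to a pre-existing local account, plus a small audit helper matching the interim mitigation. The field and attribute names (`ldapId`, `uid`, `mail`), the sample accounts and the directory entries are all constructed assumptions.

```typescript
// Added illustration (not n8n's code). Field names ldapId/uid/mail are assumptions.
interface LocalUser {
  id: string;
  email: string;
  role: "owner" | "member";
  ldapId: string | null; // assumed: stable directory identifier bound at first LDAP login
}

interface LdapEntry {
  uid: string;  // assumed: immutable identifier issued by the directory
  mail: string; // commonly self-editable by the directory user
}

const sameEmail = (a: string, b: string): boolean =>
  a.trim().toLowerCase() === b.trim().toLowerCase();

// Just-in-time provisioning of a brand-new LDAP user as an ordinary member.
function provision(users: LocalUser[], entry: LdapEntry): LocalUser {
  const created: LocalUser = { id: `ldap-${entry.uid}`, email: entry.mail, role: "member", ldapId: entry.uid };
  users.push(created);
  return created;
}

// Flawed flow: an LDAP identity that is not yet bound is attached to whichever
// local account has the same email. Later logins resolve by ldapId, so the
// attachment survives the directory email being changed back.
function linkVulnerable(users: LocalUser[], entry: LdapEntry): LocalUser {
  const bound = users.find((u) => u.ldapId === entry.uid);
  if (bound) return bound;
  const byEmail = users.find((u) => sameEmail(u.email, entry.mail));
  if (byEmail) {
    byEmail.ldapId = entry.uid; // silently binds to an existing local account
    return byEmail;
  }
  return provision(users, entry);
}

class LinkConflictError extends Error {}

// Hardened flow: resolve only by the stable identifier. A fresh LDAP identity
// whose email collides with an existing local account is refused rather than
// linked; explicit, administrator-driven linking is the only remaining path.
function linkHardened(users: LocalUser[], entry: LdapEntry): LocalUser {
  const bound = users.find((u) => u.ldapId === entry.uid);
  if (bound) return bound;
  const collision = users.find((u) => sameEmail(u.email, entry.mail));
  if (collision) {
    throw new LinkConflictError(`local account ${collision.id} already uses ${entry.mail}; refusing automatic link`);
  }
  return provision(users, entry);
}

// Audit helper for the interim mitigation: report LDAP-linked accounts whose
// bound identity is missing from the directory or whose directory email no
// longer matches the local account's email (an unexpected association).
function auditLinks(users: LocalUser[], directory: LdapEntry[]): string[] {
  const byUid = new Map<string, LdapEntry>(directory.map((e) => [e.uid, e]));
  return users
    .filter((u) => u.ldapId !== null)
    .filter((u) => {
      const entry = byUid.get(u.ldapId as string);
      return entry === undefined || !sameEmail(entry.mail, u.email);
    })
    .map((u) => u.id);
}

// Constructed sample accounts: a local owner and a local member, neither yet linked.
function makeFixture(): LocalUser[] {
  return [
    { id: "u1", email: "owner@example.com", role: "owner", ldapId: null },
    { id: "u2", email: "member@example.com", role: "member", ldapId: null },
  ];
}

// Walks the advisory's scenario with a constructed directory user who sets their
// mail attribute to the owner's address, signs in, then changes it back.
function runScenario(): { vulnerableTakeover: boolean; persisted: boolean; hardenedRefused: boolean } {
  const withOwnerMail: LdapEntry = { uid: "ldap-9001", mail: "owner@example.com" };
  const withOwnMail: LdapEntry = { uid: "ldap-9001", mail: "someone@example.com" };

  const vuln = makeFixture();
  const first = linkVulnerable(vuln, withOwnerMail);  // binds ldap-9001 to u1
  const second = linkVulnerable(vuln, withOwnMail);   // still resolves to u1

  const hard = makeFixture();
  let hardenedRefused = false;
  try {
    linkHardened(hard, withOwnerMail);
  } catch (_e) {
    hardenedRefused = true;
  }

  return {
    vulnerableTakeover: first.id === "u1" && first.role === "owner",
    persisted: second.id === "u1",
    hardenedRefused,
  };
}

console.log(runScenario());
```

The design point is that email is a mutable, user-influenced attribute, so it must never be the key that attaches an external identity to a privileged local account; binding on an identifier the directory controls and refusing collisions turns a silent takeover into a logged conflict that an administrator has to resolve deliberately. The audit helper is the minimal check an operator can run while still on a vulnerable version: any linked account whose directory email no longer matches deserves a look.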
Vulnerability Details
EPSS: 0.0%
March 25, 2026
Original source: https://github.com/advisories/GHSA-c545-x2rh-82fc
First tracked: March 25, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%