CVE-2026-59207: n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce th
Summary
n8n is an open source workflow automation platform (software that helps connect different apps and services together). In versions before 2.27.4 and 2.28.1, the AI Agents feature had a security flaw where it didn't properly check domain restrictions on credentials (login information), allowing a member-level user with limited access to send secret credentials to an external server they control.
Solution / Mitigation
Update to n8n version 2.27.4 or 2.28.1, where this issue is fixed.
Vulnerability Details
EPSS: 0.0%
July 9, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-59207
First tracked: July 9, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 92%