CVE-2026-56348
CRITICALn8n - Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint
Title source: cnaDescription
n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with credentials to unauthorized hosts, exfiltrating sensitive authentication data.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-3875-8gcx-7v46)
https://github.com/n8n-io/n8n/security/advisories/GHSA-3875-8gcx-7v46
Third Party Advisory third-party-advisory
VulnCheck Advisory: n8n - Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint
https://www.vulncheck.com/advisories/n8n-credential-exfiltration-via-allowed-http-request-domains-bypass-in-dynamic-node-parameters-endpoint
Scores
CVSS v3
9.1
EPSS
0.0026
EPSS Percentile
17.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (3)
n8n/n8n
< 2.20.0 (3 CPE variants)
n8n/n8n
2.20.0
npm/n8n
0 - 2.20.0npm
Published
Jun 22, 2026
Tracked Since
Jun 23, 2026