The vulnerability identified as CVE-2026-33722 in the n8n open source workflow automation platform arises from an incorrect authorization implementation (CWE-863). Specifically, in versions prior to 1.123.23 and 2.6.4, authenticated users lacking the `externalSecret:list` permission can still reference external secrets by name within credentials and retrieve their plaintext values upon saving those credentials. This bypasses the intended permission checks designed to restrict access to secrets stored in external vaults connected to n8n instances. The vulnerability requires that the n8n instance be configured with an external secrets vault and that the attacker either knows or can guess the secret names. The flaw compromises confidentiality by exposing sensitive secrets to unauthorized users without requiring admin or owner privileges. The CVSS 4.0 base score is 7.3 (high severity), reflecting network attack vector, low attack complexity, partial privileges required, no user interaction, and high impact on confidentiality. The issue has been addressed in n8n versions 1.123.23 and 2.6.4, with patches enforcing proper authorization checks. Until upgrades are applied, administrators are advised to restrict access to fully trusted users and/or disable external secrets integration, though these are only temporary mitigations and do not fully eliminate the risk.

This vulnerability poses a significant risk to organizations using n8n with external secrets vaults, as it allows unauthorized users with limited privileges to access plaintext secrets. Such secrets often include API keys, credentials, tokens, or other sensitive information critical to business operations and security. Exposure of these secrets can lead to further compromise of connected systems, data breaches, unauthorized access to cloud services, and lateral movement within networks. The bypass of authorization checks undermines trust in the platform's security controls and can result in compliance violations if sensitive data is leaked. Since n8n is used globally for workflow automation, the impact spans multiple industries relying on automated integrations and secret management. Although no public exploits are reported yet, the ease of exploitation (low complexity, no user interaction) and the high confidentiality impact make this a pressing threat that could be leveraged in targeted attacks or insider threat scenarios.

The primary mitigation is to upgrade n8n instances to version 1.123.23 or 2.6.4 or later, where the authorization bypass is fixed. Until upgrades can be performed, administrators should restrict n8n access strictly to fully trusted and vetted users to minimize exposure. Additionally, disabling the external secrets integration feature will prevent the vulnerability from being exploited, though this may impact functionality. Monitoring access logs for unusual credential save operations referencing external secrets can help detect exploitation attempts. Implementing network segmentation and strong authentication controls around n8n instances further reduces risk. Organizations should also review and rotate secrets stored in external vaults after patching to mitigate any potential prior exposure. Finally, educating users about the risk and ensuring least privilege principles in user permissions within n8n will limit the attack surface.