CVE-2026-33722: CWE-863: Incorrect Authorization in n8n-io n8n
n8n versions prior to 1. 123. 23 and 2. 6. 4 contain an authorization bypass vulnerability that allows authenticated users without the externalSecret:list permission to retrieve plaintext secrets from connected external vaults by referencing the secret name in credentials. This vulnerability requires the instance to have an external secrets vault configured and the attacker to know or guess the secret's name. The issue has been fixed in versions 1. 123. 23 and 2. 6.
AI Analysis
Technical Summary
CVE-2026-33722 is an incorrect authorization vulnerability (CWE-863) in the n8n workflow automation platform. Authenticated users lacking permission to list external secrets could bypass the externalSecret:list permission check by referencing a secret by its external name in a credential, allowing them to retrieve the secret's plaintext value when saving the credential. This affects n8n versions prior to 1.123.23 and 2.6.4 and requires the external secrets vault feature to be configured. The vulnerability has been addressed in versions 1.123.23 and 2.6.4.
Potential Impact
An authenticated user without the necessary permission can access plaintext secrets stored in external vaults by exploiting this authorization bypass. This could lead to unauthorized disclosure of sensitive credentials or secrets, potentially compromising connected systems or workflows. The impact is high due to the confidentiality breach of secrets.
Mitigation Recommendations
A fix is available in n8n versions 1.123.23 and 2.6.4; users should upgrade to these versions or later to remediate the vulnerability. If immediate upgrade is not possible, administrators should restrict n8n access to fully trusted users and/or disable the external secrets integration as temporary mitigations. These workarounds do not fully eliminate the risk and should only be used short-term until patching is performed.
CVE-2026-33722: CWE-863: Incorrect Authorization in n8n-io n8n
Description
n8n versions prior to 1. 123. 23 and 2. 6. 4 contain an authorization bypass vulnerability that allows authenticated users without the externalSecret:list permission to retrieve plaintext secrets from connected external vaults by referencing the secret name in credentials. This vulnerability requires the instance to have an external secrets vault configured and the attacker to know or guess the secret's name. The issue has been fixed in versions 1. 123. 23 and 2. 6.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-33722 is an incorrect authorization vulnerability (CWE-863) in the n8n workflow automation platform. Authenticated users lacking permission to list external secrets could bypass the externalSecret:list permission check by referencing a secret by its external name in a credential, allowing them to retrieve the secret's plaintext value when saving the credential. This affects n8n versions prior to 1.123.23 and 2.6.4 and requires the external secrets vault feature to be configured. The vulnerability has been addressed in versions 1.123.23 and 2.6.4.
Potential Impact
An authenticated user without the necessary permission can access plaintext secrets stored in external vaults by exploiting this authorization bypass. This could lead to unauthorized disclosure of sensitive credentials or secrets, potentially compromising connected systems or workflows. The impact is high due to the confidentiality breach of secrets.
Mitigation Recommendations
A fix is available in n8n versions 1.123.23 and 2.6.4; users should upgrade to these versions or later to remediate the vulnerability. If immediate upgrade is not possible, administrators should restrict n8n access to fully trusted users and/or disable the external secrets integration as temporary mitigations. These workarounds do not fully eliminate the risk and should only be used short-term until patching is performed.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-23T17:34:57.559Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c477fbf4197a8e3b97b114
Added to database: 3/26/2026, 12:04:11 AM
Last enriched: 4/3/2026, 1:15:26 PM
Last updated: 5/9/2026, 5:45:06 AM
Views: 134
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.