CVE-2026-45732

high

Published 2026-05-14 · Modified 2026-05-14

CVSS v3

—

CVSS v2

—

VIR risk

8.0

Description

n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact

Ecosystem	Package	Vulnerable	Fixed
npm	n8n	`<1.123.43`	`1.123.43`
npm	n8n	`>=2.21.0,<2.21.1`	`2.21.1`
npm	n8n	`>=2.0.0-rc.0,<2.20.7`	`2.20.7`
NPM	n8n	`>= 2.0.0-rc.0, < 2.20.7`	`2.20.7`
NPM	n8n	`>= 2.21.0, < 2.21.1`	`2.21.1`
NPM	n8n	`< 1.123.43`	`1.123.43`

References

Verify integrity in audit chain (admin only). AS-IS.