Which versions of N8n are affected by CVE-2026-33724?

Organizations using n8n should be aware of moderate risk from CVE-2026-33724, a IDOR vulnerability rated CVSS 6.3. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2026-33724?

Yes, a public proof-of-concept exploit is available for CVE-2026-33724. Prioritise patching immediately. EPSS: 0.0%.

N8n CVE-2026-33724

Q: What is the CVSS score of CVE-2026-33724?

CVE-2026-33724 has a CVSS 4.0 base score of 6.3 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-15954 MEDIUM

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-03-25 GitHub_M

GHSA-43v7-fp2v-68f6

Authentication Bypass N8n

6.3

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

6.3 MEDIUM

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

PoC Detected

Mar 27, 2026 - 19:32 vuln.today

Public exploit code

EUVD ID Assigned

Mar 25, 2026 - 18:47 euvd

EUVD-2026-15954

Analysis Generated

Mar 25, 2026 - 18:47 vuln.today

CVE Published

Mar 25, 2026 - 18:26 nvd

MEDIUM 6.3

DescriptionGitHub Advisory

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key, potentially injecting malicious content into workflows or intercepting repository data. This issue only affects instances where the Source Control feature has been explicitly enabled and configured to use SSH (non-default). The issue has been fixed in n8n version 2.5.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Disable the Source Control feature if it is not actively required, and/or restrict network access to ensure the n8n instance communicates with the Git server only over trusted, controlled network paths. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

AnalysisAI

n8n versions prior to 2.5.0 contain a critical SSH host key verification bypass in the Source Control feature that allows network-positioned attackers to perform man-in-the-middle attacks against Git operations. Affected users who have explicitly enabled and configured SSH-based source control can have their workflows injected with malicious content or have repository data intercepted without authentication. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS 6.3 score reflects a medium-severity network-based attack with moderate complexity and partial attack success conditions (AT:P indicates some prerequisite). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker positioned on the network path between an n8n instance and its configured Git server (e.g., a compromised ISP router, rogue WiFi access point, or cloud network MITM) intercepts the SSH connection during a workflow sync operation. The attacker presents a fraudulent SSH host key; because host key verification is disabled, the n8n client accepts the connection transparently. …
Remediation	Upgrade n8n to version 2.5.0 or later to remediate the vulnerability. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33724 vulnerability details – vuln.today

Back