Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable via authenticated workflow editor (PR:L), no user interaction, scope changes since a third-party API credential is exposed (S:C), confidentiality-only impact.
Primary rating from Vendor (https://github.com/n8n-io/n8n).
CVSS VectorVendor: https://github.com/n8n-io/n8n
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Impact
An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard API token to the outbound request, causing the credential to be sent to the attacker-controlled host bypassing credential configured limitations and exfiltrating.
Patches
The issue has been fixed in n8n versions 1.123.55, 2.25.7, and 2.26.1. Users should upgrade to one of these versions or later to remediate the vulnerability.
Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the SecurityScorecard node by adding
n8n-nodes-base.securityScorecardto theNODES_EXCLUDEenvironment variable.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
AnalysisAI
Credential exfiltration in n8n workflow automation platform allows authenticated workflow editors to leak SecurityScorecard API tokens to attacker-controlled hosts. The SecurityScorecard node's report download operation fails to validate the target URL against the credential's allowed-domains restriction, attaching the API token to outbound requests directed at arbitrary attacker URLs. No public exploit identified at time of analysis, but the upstream fix is published and traceable through the vendor's GitHub Security Advisory.
Technical ContextAI
n8n is a popular Node.js-based workflow automation platform (distributed via npm as 'n8n') that lets users build integrations between SaaS services using pre-built 'nodes'. The flawed SecurityScorecard node provides a report-download operation that takes a URL parameter; the bug is a CWE-200 (Exposure of Sensitive Information) class issue where the node attaches the bound credential's API bearer token to the outbound HTTP request without first validating that the destination URL matches the allow-listed domains configured on the credential. This bypasses n8n's credential-scoping protection and effectively turns a server-side request feature into a credential-exfiltration primitive.
RemediationAI
Vendor-released patch: upgrade n8n to 1.123.55, 2.25.7, or 2.26.1 (or later) per the vendor advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-rm2v-h48j-895m. If immediate upgrade is not feasible, disable the affected node by adding 'n8n-nodes-base.securityScorecard' to the NODES_EXCLUDE environment variable (this breaks any existing workflows that rely on SecurityScorecard integration), and tighten workflow-creation and editing permissions to fully trusted users only (reducing collaboration utility but shrinking the attacker pool). As a defense-in-depth measure, rotate any SecurityScorecard API tokens that were configured in n8n before patching, since the vulnerability allowed silent exfiltration prior to remediation.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38479
GHSA-rm2v-h48j-895m