Skip to main content

N8n EUVD-2025-19898

| CVE-2025-52554 MEDIUM
Missing Authorization (CWE-862)
2025-07-03 security-advisories@github.com GHSA-gq57-v332-7666
Authentication Bypass N8n
4.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 16, 2026 - 02:12 euvd
EUVD-2025-19898
Analysis Generated
Mar 16, 2026 - 02:12 vuln.today
Patch released
Mar 16, 2026 - 02:12 nvd
Patch available
CVE Published
Jul 03, 2025 - 20:15 nvd
MEDIUM 4.3

DescriptionNVD

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.

Analysis

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. This issue has been patched in version 1.99.1. A workaround involves restricting access to the /rest/executions/:id/stop endpoint via reverse proxy or API gateway.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

Share

EUVD-2025-19898 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy