CNNVD-202602-950 Information

CNNVD ID

CNNVD-202602-950

Related CVE

CVE-2026-25631

• CNNVD Published: 2026-02-06

Description (Chinese)

n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.121.0之前版本存在输入验证错误漏洞，该漏洞源于HTTP Request节点的凭据域验证不当，可能导致经过身份验证的攻击者将凭据发送到非预期域，造成凭据泄露。

Description (English)

n8n is an expanded workflow automation tool for n8n open source. n8n 1.1.22.0 There is an input authentication error loophole in the pre-version version, which stems from the inappropriate proof-based domain at the HTTTP Request node, which may result in the proof being sent to unexpected territory by the identity-certified assailant, resulting in the disclosure of the evidence.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

n8n

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-2xcx-75h9-vr9h https://access.redhat.com/security/cve/cve-2026-25631

Patch

https://github.com/n8n-io/n8n/releases