CVE-2026-59253

CVE-2026-59253CVE-2026-59253

n8n / n8n

Description

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical integrity violations in target project folder structures.

Scoring

CVSS 5.0 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Last modified2026-07-08
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.