n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and exfiltrate the secret through item data. This issue is fixed in versions 1.123.61, 2.27.4, and 2.28.1.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
N8n
N8n n8n |
|
| Vendors & Products |
N8n
N8n n8n |
Thu, 09 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 09 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and exfiltrate the secret through item data. This issue is fixed in versions 1.123.61, 2.27.4, and 2.28.1. | |
| Title | n8n: Shared Credential Header Leak via HTTP Request Pagination Expression | |
| Weaknesses | CWE-200 CWE-522 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-07-09T15:32:27.537Z
Updated: 2026-07-09T17:28:23.567Z
Reserved: 2026-07-02T21:05:02.924Z
Link: CVE-2026-59209
Updated: 2026-07-09T17:28:18.803Z
No data.
No data.