Loading market data...
← Back to CVE feed

CVE-2026-59253

MEDIUM CVSS 5.0 View on NVD ↗

Description

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical integrity violations in target project folder structures.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Affected Products

n8n/n8n
Published: Jul 08, 2026 14:17 UTC Modified: Jul 08, 2026 19:25 UTC