← Voltar para CVEs
CVE-2026-25631
MEDIUM6.5
Descricao
n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This only might affect user who have credentials that use wildcard domain patterns (e.g., *.example.com) in the "Allowed domains" setting. This issue is fixed in version 1.121.0 and later.
Detalhes CVE
Pontuacao CVSS v3.16.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado2/6/2026
Ultima modificacao2/19/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
n8n:n8n
Fraquezas (CWE)
CWE-20CWE-522
Referencias
https://github.com/n8n-io/n8n/security/advisories/GHSA-2xcx-75h9-vr9h(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.