
n8n – Credential Vault Exfiltration via Endpoint Abuse (CVE-2026-56348)

Scope: n8n Workflow Automation Platform, All Vulnerable Versions

Severity: High

A credential exfiltration vulnerability in n8n allows an authenticated attacker with access to internal workflow credential objects to abuse an insecure server endpoint and force the n8n instance to transmit stored credentials to unauthorized external hosts. This flaw requires no user interaction and exposes highly sensitive assets, including API keys, OAuth access tokens, and plain-text passwords stored within the n8n credential vault. Because n8n functions as a central integration hub, the impact extends far beyond the automation server itself, potentially compromising connected third-party enterprise services, databases, and cloud platforms.

Organizations must immediately update their n8n deployments to the latest secure release, audit all active user accounts and API permissions within the platform, and implement strict egress firewall filtering rules on the n8n host server to prevent unauthorized outbound connections to unknown or untrusted internet destinations.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the n8n CVE-2026-56348 Record and apply the necessary updates.