PT-2026-28081 · N8N · N8N

Published: 2026-03-25 · Updated: 2026-03-26 · CVE-2026-33720

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.8.0

Description: n8n is a workflow automation platform. When the N8N_SKIP_AUTH_ON_OAUTH_CALLBACK environment variable is set to true, the OAuth callback handler does not verify the ownership of the OAuth state parameter. This allows an attacker to trick a user into completing an OAuth flow against a credential object controlled by the attacker, resulting in the victim's OAuth tokens being stored by the attacker. The attacker can then use these tokens to execute workflows on behalf of the victim. This issue only affects instances where N8N_SKIP_AUTH_ON_OAUTH_CALLBACK is explicitly set to true. The vulnerable component is the OAuth callback handler. The vulnerable parameter is the OAuth state parameter.

Recommendations: Upgrade to n8n version 2.8.0 or later. Avoid enabling the N8N_SKIP_AUTH_ON_OAUTH_CALLBACK environment variable unless strictly required. Restrict access to the n8n instance to fully trusted users only.

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2026-33720, GHSA-VPGC-2F6G-7W7X

Affected Products: N8N