PT-2026-40937 · N8N · N8N
Published: 2026-05-14 · Updated: 2026-05-14 · CVE-2026-45732
CVSS v4.0: 8.3 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions
n8n versions prior to 1.123.43
n8n versions prior to 2.20.7
n8n versions prior to 2.21.1
Description
An authorization bypass exists in the OAuth1 and OAuth2 credential reconnect endpoints. These endpoints incorrectly authorized access using credential:read instead of credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow to overwrite stored token material with tokens from an external account they control. This allows workflows using the affected credential to execute under the attacker's OAuth identity, potentially leading to data exfiltration to external services and persistent takeover of shared integrations. This issue specifically affects instances where credentials are shared across projects or with other users.
Recommendations
Update to version 1.123.43 or later.
Update to version 2.20.7 or later.
Update to version 2.21.1 or later.
Restrict credential sharing to fully trusted users only.
Audit shared credentials for unexpected OAuth token changes and revoke any tokens that may have been replaced.
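The following is an added illustration, not n8n's own code: a minimal model of credential sharing in which the reconnect flow is gated on the wrong scope (credential:read, as in the description above) beside the corrected check (credential:update), plus a small audit helper matching the last recommendation. All names (CredentialStore, Scope, the users alice, bob and carol, credential c1) are constructed for the example.

```typescript
// Added illustration, not n8n's own code: a minimal model of credential sharing
// with the reconnect-endpoint scope check described above, vulnerable and fixed.
type Scope = "credential:read" | "credential:update";
interface Credential { id: string; ownerId: string; accessToken: string; }
interface Share { credentialId: string; userId: string; scopes: Scope[]; }
interface TokenChange { credentialId: string; actorId: string; oldToken: string; newToken: string; }

class CredentialStore {
  private creds = new Map<string, Credential>();
  private shares: Share[];
  readonly changes: TokenChange[] = [];  // write log consulted by the audit below
  constructor(creds: Credential[], shares: Share[]) {
    this.shares = shares;
    for (const c of creds) this.creds.set(c.id, { ...c });
  }
  // Owners hold every scope; other users hold only what the share grants them.
  private scopesFor(userId: string, credentialId: string): Scope[] {
    if (this.creds.get(credentialId)?.ownerId === userId) return ["credential:read", "credential:update"];
    return this.shares.find(s => s.credentialId === credentialId && s.userId === userId)?.scopes ?? [];
  }
  private reconnect(userId: string, credentialId: string, newToken: string, required: Scope): boolean {
    const cred = this.creds.get(credentialId);
    if (!cred || !this.scopesFor(userId, credentialId).includes(required)) return false;
    this.changes.push({ credentialId, actorId: userId, oldToken: cred.accessToken, newToken });
    cred.accessToken = newToken;  // the OAuth callback overwrites the stored token material
    return true;
  }
  // Vulnerable form: the reconnect flow is gated on credential:read, so a read-only
  // sharee can replace the stored token with one from an account they control.
  reconnectVulnerable(userId: string, credentialId: string, newToken: string): boolean {
    return this.reconnect(userId, credentialId, newToken, "credential:read");
  }
  // Fixed form: replacing token material is a write, so it requires credential:update.
  reconnectFixed(userId: string, credentialId: string, newToken: string): boolean {
    return this.reconnect(userId, credentialId, newToken, "credential:update");
  }
  tokenOf(credentialId: string): string | undefined { return this.creds.get(credentialId)?.accessToken; }
  // Audit helper for the recommendation above: a token change on a shared credential
  // made by anyone other than its owner is the signal to review and revoke.
  tokenChangesByNonOwners(): TokenChange[] {
    return this.changes.filter(ch => this.creds.get(ch.credentialId)?.ownerId !== ch.actorId);
  }
}

// Constructed sample: alice owns credential c1 and shares it read-only with bob.
function sampleStore(): CredentialStore {
  return new CredentialStore(
    [{ id: "c1", ownerId: "alice", accessToken: "tok-alice" }],
    [{ credentialId: "c1", userId: "bob", scopes: ["credential:read"] }]);
}
```

Against the sample store, the vulnerable form lets bob overwrite alice's token and the audit helper reports that change; the fixed form rejects bob, rejects users with no share at all, and still lets the owner reconnect.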

Fix

IDOR

Related Identifiers

CVE-2026-45732
GHSA-6H4J-WCR9-2VG7

Affected Products

N8N