PT-2026-6656 · N8N · N8N

Weblover12 · Published 2026-02-04 · Updated 2026-02-06 · CVE-2026-25631

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

n8n versions prior to 1.121.0

Description

n8n is a workflow automation platform. A flaw in the HTTP Request node’s credential domain validation could allow an authenticated attacker to send requests with credentials to unintended domains, potentially resulting in credential exfiltration. This issue specifically impacts users who have credentials with wildcard domain patterns (e.g., *.example.com) configured in the "Allowed domains" setting. The vulnerable component is the HTTP Request node. The vulnerable setting is the "Allowed domains" setting.

Recommendations

Versions prior to 1.121.0 should be upgraded to version 1.121.0 or later. Replace wildcard domain patterns with explicit domain listings in HTTP Request credentials. Review and restrict workflow creation/modification permissions to trusted users only. Audit existing workflows using HTTP Request nodes with domain-restricted credentials.
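One way to carry out the audit and wildcard replacement recommended above, as an added example that is not n8n's code and does not reproduce the flaw, which this advisory does not detail. It flags wildcard entries in a credential's allowed-domain list and derives the explicit host list from the URLs that HTTP Request nodes actually use. The record shape (`allowedDomains` as a comma-separated string), the list of node URLs, and the treatment of `={{ ... }}` values as unresolvable expressions are assumptions.

```javascript
// Added example, not n8n code. Lower-case a hostname and drop one trailing dot.
function normHost(h) {
  return String(h).trim().toLowerCase().replace(/\.$/, '');
}

// Strict match: "*.example.com" covers subdomains of example.com only
// (not the bare apex, not hosts that merely contain the string).
function hostMatches(pattern, host) {
  const p = normHost(pattern);
  const h = normHost(host);
  if (!p.startsWith('*.')) return p === h;
  const suffix = p.slice(1); // ".example.com": the leading dot enforces a label boundary
  return h.length > suffix.length && h.endsWith(suffix);
}

// cred.allowedDomains: comma-separated patterns (assumed shape).
// nodeUrls: URL parameter of each HTTP Request node using the credential (assumed input).
function auditCredential(cred, nodeUrls) {
  const patterns = cred.allowedDomains.split(',').map(normHost).filter(Boolean);
  const wildcards = patterns.filter((p) => p.includes('*'));
  const explicit = new Set(patterns.filter((p) => !p.includes('*')));
  const outside = [];
  const unresolved = [];
  for (const raw of nodeUrls) {
    let host;
    try {
      host = normHost(new URL(raw).hostname);
    } catch {
      unresolved.push(raw); // expression or malformed URL: needs manual review
      continue;
    }
    if (patterns.some((p) => hostMatches(p, host))) explicit.add(host);
    else outside.push(raw);
  }
  return { wildcards, replacement: [...explicit].sort(), outside, unresolved };
}

// Constructed sample data.
const sampleCred = { name: 'constructed-api-key', allowedDomains: '*.example.com, billing.example.net' };
const sampleUrls = [
  'https://api.example.com/v1/items',
  'https://API.example.com./v1/users',
  'https://billing.example.net/invoices',
  'https://notexample.com/',
  'https://example.com.other.test/x',
  '={{ $json.callbackUrl }}',
];
console.log(auditCredential(sampleCred, sampleUrls));
```

`replacement` is the explicit list to put in place of the wildcard; anything in `outside` or `unresolved` should be reviewed by hand before the credential is changed.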

Exploit

Fix

Insufficiently Protected Credentials

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-25631
GHSA-2XCX-75H9-VR9H

Affected Products

N8N