n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and exfiltrate the secret through item data. This issue is fixed in versions 1.123.61, 2.27.4, and 2.28.1.
Conclusion & alert: CVE-2026-59209 is rated Low Risk (36.1/100): CVSS High severity, with low exploitation likelihood (EPSS 0.30%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-07-10 | — | 0.30% | — |
Full EPSS history (1 record total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.1 | 4.0 | HIGH |
|
— | — | [email protected] |
| 6.5 | 3.1 | MEDIUM |
|
2.8 | 3.6 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| n8n | n8n | < 1.123.61 | cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:* |
| n8n | n8n | < 1.123.61 | cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:* |
| n8n | n8n | >= 2.0.0, < 2.27.4 | cpe:2.3:a:n8n:n8n:*:*:*:*:community:node.js:*:* |
| n8n | n8n | >= 2.0.0, < 2.27.4 | cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:* |
| n8n | n8n | 2.28.0 | cpe:2.3:a:n8n:n8n:2.28.0:*:*:*:community:node.js:*:* |
| n8n | n8n | 2.28.0 | cpe:2.3:a:n8n:n8n:2.28.0:*:*:*:enterprise:node.js:*:* |
| URL | Tags |
|---|---|
| https://github.com/n8n-io/n8n/releases/tag/n8n%402.27.4 | Product Release Notes |
| https://github.com/n8n-io/n8n/releases/tag/n8n%402.28.1 | Product Release Notes |
| https://github.com/n8n-io/n8n/security/advisories/GHSA-q3j5-8vrg-4p9q | Mitigation Vendor Advisory |