CVE-2026-56348 Overview
CVE-2026-56348 is a Server-Side Request Forgery (SSRF) [CWE-918] vulnerability in n8n, the open-source workflow automation platform. Versions before 2.20.0 fail to enforce the Allowed HTTP Request Domains restriction on the POST /rest/dynamic-node-parameters/options endpoint. Authenticated users with credential access can force the n8n server to send HTTP requests, along with attached credentials, to arbitrary external hosts. This enables exfiltration of sensitive authentication material such as API tokens, OAuth secrets, and service credentials stored within n8n.
Critical Impact
Authenticated attackers can bypass domain allow-listing to redirect credentialed HTTP requests to attacker-controlled hosts, leaking stored secrets.
Affected Products
- n8n Community Edition (Node.js) versions prior to 2.20.0
- n8n Enterprise Edition (Node.js) versions prior to 2.20.0
- Self-hosted n8n deployments using stored credentials
Discovery Timeline
- 2026-06-22 - CVE-2026-56348 published to NVD
- 2026-06-24 - Last updated in NVD database
Technical Details for CVE-2026-56348
Vulnerability Analysis
The vulnerability resides in n8n's dynamic node parameter resolution flow. The POST /rest/dynamic-node-parameters/options endpoint loads node option lists dynamically by issuing outbound HTTP requests using credentials referenced in the request payload. n8n exposes an N8N_ALLOWED_HTTP_REQUEST_DOMAINS configuration to constrain outbound traffic to approved hosts. However, this endpoint does not consult that allow-list before dispatching the request. An authenticated user who can reference an existing credential can therefore direct n8n to make an outbound call to any host, attaching the credential's secrets in the process.
Root Cause
The root cause is missing domain validation in the dynamic-node-parameters request handler. While the standard HTTP Request node enforces Allowed HTTP Request Domains, the dynamic options resolver shares no equivalent guard. This inconsistency between code paths classifies the issue as a Server-Side Request Forgery weakness [CWE-918], where server-issued requests can be steered to attacker-chosen destinations.
Attack Vector
Exploitation requires an authenticated n8n account with at least read access to a stored credential. The attacker submits a crafted request to /rest/dynamic-node-parameters/options that specifies the target credential ID and a load-options endpoint URL pointing to an attacker-controlled host. The n8n backend resolves the credential, attaches its authentication material (bearer tokens, basic-auth headers, API keys, OAuth access tokens), and issues the HTTP request to the attacker's server. The attacker captures the inbound request and extracts the leaked credential.
No verified proof-of-concept code is publicly available. Refer to the GitHub Security Advisory GHSA-3875-8gcx-7v46 and the VulnCheck Advisory on n8n for vendor-supplied technical detail.
Detection Methods for CVE-2026-56348
Indicators of Compromise
- Requests to POST /rest/dynamic-node-parameters/options containing external or unexpected URLs in the loadOptions or endpoint parameters.
- Outbound HTTP connections from the n8n server process to domains not present in N8N_ALLOWED_HTTP_REQUEST_DOMAINS.
- Authentication failures or unusual usage patterns on third-party APIs whose credentials are stored in n8n.
- n8n audit log entries showing credential access by accounts that do not normally execute workflows.
Detection Strategies
- Inspect n8n access logs for dynamic-node-parameters/options calls and correlate the referenced credential IDs with the destination host.
- Compare outbound DNS and HTTP egress from the n8n host against the configured allowed-domains list, alerting on deviations.
- Hunt for newly created or recently modified low-privilege n8n users that have been granted credential read permissions.
Monitoring Recommendations
- Enable n8n audit logging and forward events to a centralized SIEM for retention and correlation.
- Place the n8n server behind an egress proxy that enforces an explicit allow-list of outbound destinations.
- Rotate any credential suspected of exposure and monitor third-party API audit logs for use from unexpected IP addresses.
How to Mitigate CVE-2026-56348
Immediate Actions Required
- Upgrade all n8n instances (Community and Enterprise) to version 2.20.0 or later.
- Rotate credentials stored in n8n if logs indicate suspicious calls to /rest/dynamic-node-parameters/options prior to patching.
- Review and tighten n8n user roles, restricting credential access to operators who genuinely require it.
- Enforce strong authentication and remove unused accounts to reduce the pool of authenticated abusers.
Patch Information
n8n version 2.20.0 introduces enforcement of the Allowed HTTP Request Domains policy on the dynamic node parameters endpoint. Patch details are published in the GitHub Security Advisory GHSA-3875-8gcx-7v46. Self-hosted operators should pull the updated Docker image or npm package and restart the service after upgrade.
Workarounds
- Restrict network egress from the n8n host to an explicit list of trusted third-party API domains using a firewall or egress proxy.
- Limit access to the n8n REST API to trusted networks via reverse-proxy IP allow-listing until the upgrade is applied.
- Reduce the number of users granted credential read or edit permissions and audit existing role assignments.
# Example egress allow-list enforcement using iptables on the n8n host
# Block all outbound HTTP/HTTPS by default, then allow approved domains via proxy
iptables -A OUTPUT -p tcp --dport 443 -d api.trusted-vendor.com -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j REJECT
# Verify n8n version after upgrade
npm list -g n8n
# or for Docker deployments
docker exec n8n n8n --version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

