Serial number: AV26-628
Date: June 24, 2026
On June 24, 2026, n8n published security advisories to address vulnerabilities in the following product:
- n8n – versions prior to 2.28.1
- n8n – versions prior to 2.27.4
- n8n – versions prior to 1.123.61
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
- "Allowed HTTP Request Domains" Restriction Bypass via AI Agents MCP Connector
- Prototype Pollution via Workflow Credentials Leads to Unauthenticated User and Project Enumeration
- Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution
- Shared Credential Header Leak via HTTP Request Pagination Expression
- n8n Security