CVE-2023-27563: n8n: privilege escalation exposes full workflow admin

Severity: HIGH. Public PoC available. CISA SSVC decision: Attend.
Published May 10, 2023
CISO Take

Any authenticated n8n user — including low-privilege API tokens or shared team accounts — can escalate to full admin in v0.218.0, with a published exploit available. Since n8n routinely stores API keys for OpenAI, AWS, and internal services, a single compromised low-privilege account translates directly into credential exfiltration across every connected service. Patch immediately and rotate all credentials stored in n8n as potentially compromised.

Risk Assessment

HIGH risk with immediate operational exposure. CVSS 8.8 reflects a near-trivial exploitation path: network-accessible, low complexity, requires only a basic account. The Synacktiv advisory confirms a working exploit exists. n8n is widely deployed as the orchestration layer for AI automation pipelines, often holding privileged access to LLM APIs, cloud credentials, and internal data sources. The combination of low-barrier escalation and high-value credential stores makes this a priority target for opportunistic threat actors targeting AI infrastructure.

Affected Systems

Package: n8n
Ecosystem: npm
Vulnerable range: not listed
Patched: No patch

Severity & Risk

CVSS 3.1: 8.8 / 10
EPSS: 0.3% chance of exploitation in 30 days (higher than 56% of all CVEs)
Exploitation Status: Exploit Available
Exploitation: MEDIUM
Sophistication: Trivial
Exploitation Confidence: medium
CISA SSVC: Public PoC
Public PoC indexed (trickest/cve)
Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

AV (Attack Vector): Network
AC (Attack Complexity): Low
PR (Privileges Required): Low
UI (User Interaction): None
S (Scope): Unchanged
C (Confidentiality): High
I (Integrity): High
A (Availability): High

Recommended Action

  1. PATCH IMMEDIATELY: Upgrade n8n to the latest version (review github.com/n8n-io/n8n/releases for the patched release).

  2. ROTATE ALL CREDENTIALS: Treat every credential stored in n8n — AI API keys, DB passwords, cloud tokens, webhook secrets — as compromised, regardless of evidence of exploitation.

  3. AUDIT ACCESS LOGS: Review n8n activity logs for unexpected admin-level actions performed by non-admin accounts; flag any credential exports or workflow modifications.

  4. ISOLATE IF UNPATCHED: If immediate patching is not possible, restrict n8n to an IP allowlist, revoke all non-essential accounts, and disable public registration.

  5. DETECT POST-EXPLOITATION: Alert on admin role changes, new credential creation, or new workflow triggers not matching approved baselines.
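As an added example (not part of this advisory and not n8n's own tooling), the following Python script implements the log checks from steps 3 and 5 over a constructed audit-event feed: admin-level actions by non-admin accounts, credential exports, role changes to admin, new credential creation, and workflow activations outside an approved baseline. The JSON event schema, the action names and the baseline sets are assumptions made for the example, not n8n's real log format.

```python
import json
from typing import Iterable

# Constructed sample audit feed (JSON lines). The schema and action names are
# hypothetical, assumed for this example; they are NOT n8n's real log format.
SAMPLE_EVENTS = """\
{"ts": "2023-05-11T09:02:11Z", "actor": "alice", "actor_role": "member", "action": "workflow.update", "target": "wf-summarize-docs", "details": {}}
{"ts": "2023-05-11T09:05:40Z", "actor": "bob", "actor_role": "member", "action": "user.role.update", "target": "bob", "details": {"new_role": "owner"}}
{"ts": "2023-05-11T09:06:02Z", "actor": "bob", "actor_role": "owner", "action": "credential.export", "target": "cred-openai", "details": {}}
{"ts": "2023-05-11T09:06:30Z", "actor": "bob", "actor_role": "owner", "action": "credential.create", "target": "cred-new-webhook", "details": {}}
{"ts": "2023-05-11T09:07:15Z", "actor": "bob", "actor_role": "owner", "action": "workflow.activate", "target": "wf-forward-docs", "details": {}}
{"ts": "2023-05-11T22:00:00Z", "actor": "carol", "actor_role": "owner", "action": "workflow.activate", "target": "wf-nightly-report", "details": {}}
"""

# Assumed baselines: workflows approved to be active, actions reserved for admins,
# and the roles that count as admin-level.
APPROVED_ACTIVE_WORKFLOWS = {"wf-summarize-docs", "wf-nightly-report"}
ADMIN_ONLY_ACTIONS = {"user.role.update", "user.invite", "credential.export"}
ADMIN_ROLES = {"owner", "admin"}

# Each rule corresponds to one of the advisory's recommended checks (steps 3 and 5).
RULES = {
    "ADMIN_ACTION_BY_NON_ADMIN": lambda e: e["action"] in ADMIN_ONLY_ACTIONS and e["actor_role"] not in ADMIN_ROLES,
    "ROLE_CHANGE_TO_ADMIN": lambda e: e["action"] == "user.role.update" and e["details"].get("new_role") in ADMIN_ROLES,
    "CREDENTIAL_EXPORT": lambda e: e["action"] == "credential.export",
    "NEW_CREDENTIAL": lambda e: e["action"] == "credential.create",
    "UNAPPROVED_WORKFLOW_ACTIVATION": lambda e: e["action"] == "workflow.activate" and e["target"] not in APPROVED_ACTIVE_WORKFLOWS,
}


def detect(lines: Iterable[str]) -> list[dict]:
    """Return one alert per (event, rule) match, in feed order; an event may trip several rules."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        for name, matches in RULES.items():
            if matches(event):
                alerts.append({"rule": name, "ts": event["ts"], "actor": event["actor"], "target": event["target"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        print(f'{alert["ts"]} {alert["rule"]:<32} actor={alert["actor"]} target={alert["target"]}')
```

On the sample feed, alice's ordinary workflow edit and carol's baseline activation produce nothing, while bob's self-promotion trips two rules at once and every later action by the newly elevated account is flagged.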

CISA SSVC Assessment

Decision: Attend
Exploitation: PoC
Automatable: No
Technical Impact: Total

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act: Art. 15 - Accuracy, robustness and cybersecurity
ISO 42001: A.6.1 - AI risk management process
NIST AI RMF: MANAGE-2.2 - Mechanisms to sustain identified risk responses
OWASP LLM Top 10: LLM08 - Excessive Agency

Frequently Asked Questions

Is CVE-2023-27563 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2023-27563, increasing the risk of exploitation.

What systems are affected by CVE-2023-27563?

This vulnerability affects the following AI/ML architecture patterns: agent frameworks, AI workflow automation, RAG pipelines, model serving.

What is the CVSS score for CVE-2023-27563?

CVE-2023-27563 has a CVSS v3.1 base score of 8.8 (HIGH). The EPSS exploitation probability is 0.33%.

Technical Details

NVD Description

The n8n package 0.218.0 for Node.js allows Escalation of Privileges.

Exploitation Scenario

An attacker registers or obtains any valid n8n account — through credential stuffing on a public-facing instance, a compromised contractor token, or social engineering a team member. Using crafted API requests described in the Synacktiv advisory, they escalate their session to admin privileges. As admin, they navigate to the Credentials vault and extract all stored API keys for OpenAI, AWS, internal databases, and webhook endpoints. They then silently modify an existing AI workflow — for example, a document summarization pipeline feeding an LLM — to forward all processed documents to an attacker-controlled endpoint. The attack leaves no obvious user-facing indicators and can persist indefinitely until the workflow is manually reviewed.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

Published: May 10, 2023
Last Modified: January 27, 2025
First Seen: May 10, 2023
