CVE-2023-27564: n8n: unauthenticated info disclosure exposes credentials

HIGH PoC AVAILABLE CISA: TRACK*
Published May 10, 2023
CISO Take

n8n is widely deployed as an AI agent orchestration and workflow automation platform, making this unauthenticated information disclosure (CVSS 7.5, no auth/interaction required) a high-priority finding. Attackers can remotely extract sensitive data including API keys, credentials, and workflow configurations stored in n8n—effectively compromising every downstream AI service the platform connects to. Patch to a version past 0.218.0 immediately and audit all internet-exposed n8n instances.

Risk Assessment

High risk for organizations using n8n in AI/ML pipelines. The CVSS vector (AV:N/AC:L/PR:N/UI:N/C:H) indicates trivial remote exploitation requiring no authentication—this is a drive-by exfiltration scenario. n8n instances are frequently internet-exposed by design (webhooks, integrations), and the platform stores credentials for dozens of external services including AI APIs (OpenAI, Anthropic, HuggingFace). A single exposed instance can cascade into full compromise of the organization's AI service stack.

Affected Systems

Package: n8n
Ecosystem: npm
Vulnerable Range: (not listed)
Patched: No patch


Severity & Risk

CVSS 3.1: 7.5 / 10
EPSS: 3.9% chance of exploitation in 30 days (higher than 88% of all CVEs)
Exploitation Status: Exploit Available
Exploitation: MEDIUM
Sophistication: Trivial
Exploitation Confidence: medium
CISA SSVC: Public PoC
Public PoC indexed (trickest/cve)

Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

AV (Attack Vector): Network
AC (Attack Complexity): Low
PR (Privileges Required): None
UI (User Interaction): None
S (Scope): Unchanged
C (Confidentiality): High
I (Integrity): None
A (Availability): None

Recommended Action

6 steps
  1. PATCH

    Upgrade n8n past 0.218.0 immediately—check https://github.com/n8n-io/n8n/releases for patched version.

  2. NETWORK

    Place n8n behind a VPN or firewall; it should never be directly internet-exposed unless webhooks are explicitly required.

  3. ROTATE

    Rotate all credentials stored in n8n workflows (API keys, OAuth tokens, DB passwords) after patching.

  4. AUDIT

    Review n8n access logs for suspicious GET requests that may indicate prior exploitation.

  5. DETECTION

    Alert on unauthenticated API calls to n8n endpoints returning large payloads.

  6. HARDEN

    Enable n8n's built-in authentication (basic auth or SSO) if not already enforced.
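Steps 4 and 5 above ask for a review of access logs and an alert on large API reads. The following is an added example (not part of this advisory or of the n8n project) that runs that check over constructed reverse-proxy log lines: it flags successful, large GET requests to n8n's REST API prefix from addresses outside an assumed trusted range. The `/rest/` prefix, the trusted network, the size threshold and the sample paths are all assumptions to tune for your deployment.

```python
import re
from ipaddress import ip_address, ip_network

# Combined log format as written by a reverse proxy in front of n8n (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample lines for the example, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2023:08:01:02 +0000] "GET /rest/workflows HTTP/1.1" 200 1843
203.0.113.7 - - [10/May/2023:08:02:10 +0000] "GET /rest/workflows HTTP/1.1" 200 98211
203.0.113.7 - - [10/May/2023:08:02:11 +0000] "GET /rest/credentials HTTP/1.1" 200 52310
198.51.100.9 - - [10/May/2023:08:03:00 +0000] "POST /webhook/order-sync HTTP/1.1" 200 17
203.0.113.7 - - [10/May/2023:08:04:15 +0000] "GET /rest/login HTTP/1.1" 401 43
"""

TRUSTED = [ip_network("10.0.0.0/8")]  # assumed internal admin range
API_PREFIX = "/rest/"                   # n8n's internal REST API prefix (assumption)
LARGE_BYTES = 20_000                    # site-specific threshold for "large payload"

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def is_trusted(ip):
    try:
        return any(ip_address(ip) in net for net in TRUSTED)
    except ValueError:
        return False

def suspicious_requests(log_text):
    """Large, successful GETs to the REST API from untrusted sources.
    Access logs do not record auth state, so untrusted origin + large
    read is the proxy signal for step 5's 'unauthenticated API call'."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and rec["path"].startswith(API_PREFIX) \
                and rec["status"] == 200 and rec["bytes"] >= LARGE_BYTES \
                and not is_trusted(rec["ip"]):
            hits.append(rec)
    return hits

def summarize(hits):
    """Count flagged requests per source address for alert triage."""
    per_ip = {}
    for h in hits:
        per_ip[h["ip"]] = per_ip.get(h["ip"], 0) + 1
    return per_ip

if __name__ == "__main__":
    for ip, n in summarize(suspicious_requests(SAMPLE_LOG)).items():
        print(f"ALERT {ip}: {n} large REST reads from an untrusted address")
```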

CISA SSVC Assessment

Decision: Track*
Exploitation: poc
Automatable: Yes
Technical Impact: partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act: Article 15 - Accuracy, robustness and cybersecurity
ISO 42001: A.9.4 - Information security for AI systems
NIST AI RMF: MANAGE 2.2 - Risk treatment, AI system vulnerabilities and incidents
OWASP LLM Top 10: LLM06:2025 - Sensitive Information Disclosure

Frequently Asked Questions

What is CVE-2023-27564?

n8n is widely deployed as an AI agent orchestration and workflow automation platform, making this unauthenticated information disclosure (CVSS 7.5, no auth/interaction required) a high-priority finding. Attackers can remotely extract sensitive data including API keys, credentials, and workflow configurations stored in n8n—effectively compromising every downstream AI service the platform connects to. Patch to a version past 0.218.0 immediately and audit all internet-exposed n8n instances.

Is CVE-2023-27564 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2023-27564, increasing the risk of exploitation.

How to fix CVE-2023-27564?

  1. PATCH: Upgrade n8n past 0.218.0 immediately; check https://github.com/n8n-io/n8n/releases for the patched version.
  2. NETWORK: Place n8n behind a VPN or firewall; it should never be directly internet-exposed unless webhooks are explicitly required.
  3. ROTATE: Rotate all credentials stored in n8n workflows (API keys, OAuth tokens, DB passwords) after patching.
  4. AUDIT: Review n8n access logs for suspicious GET requests that may indicate prior exploitation.
  5. DETECTION: Alert on unauthenticated API calls to n8n endpoints returning large payloads.
  6. HARDEN: Enable n8n's built-in authentication (basic auth or SSO) if not already enforced.

What systems are affected by CVE-2023-27564?

This vulnerability affects the following AI/ML architecture patterns: agent frameworks, AI workflow orchestration, RAG pipelines, model serving integrations, no-code AI automation.

What is the CVSS score for CVE-2023-27564?

CVE-2023-27564 has a CVSS v3.1 base score of 7.5 (HIGH). The EPSS exploitation probability is 3.89%.

Technical Details

NVD Description

The n8n package 0.218.0 for Node.js allows Information Disclosure.

Exploitation Scenario

An adversary scans the internet for exposed n8n instances (a Shodan/Censys query is trivial). Against a vulnerable 0.218.0 instance, they issue unauthenticated HTTP requests to the information disclosure endpoint documented in Synacktiv's advisory, extracting the stored credentials database. This yields API keys for OpenAI, Anthropic, Pinecone, and other AI services configured in workflows. The adversary then uses these keys to: (a) abuse AI APIs at the victim's expense, (b) exfiltrate data from connected RAG/vector databases, (c) inject malicious instructions into automated AI workflows by replaying webhook triggers with stolen secrets. Full AI pipeline compromise in under 15 minutes from initial scan.

Weaknesses (CWE)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

Published: May 10, 2023
Last Modified: January 27, 2025
First Seen: May 10, 2023

Related Vulnerabilities