CVE-2026-33665: n8n: LDAP email match enables permanent account takeover

GHSA-c545-x2rh-82fc HIGH
Published March 25, 2026
CISO Take

If your n8n deployment uses LDAP authentication, patch to version 2.4.0 or 1.121.0 immediately — any low-privilege LDAP user who can edit their own email attribute can permanently hijack admin accounts. n8n agents typically hold API keys, database credentials, and broad tool access, making admin takeover a full-blast-radius compromise. If patching is not immediate, disable LDAP auth and audit all LDAP-linked accounts now.

What is the risk?

CVSS 8.2 (High) with Scope:Changed reflects the real danger: one compromised LDAP account escalates to platform admin. Attack Complexity is High because the attacker must control their LDAP email attribute, but this is trivially achievable in many enterprise LDAP deployments where users have self-service attributes. The persistence mechanism — linkage survives email revert — is particularly severe. EPSS is very low (0.00013) suggesting no active exploitation at time of disclosure, but the technique is straightforward once discovered. Risk is elevated for any organization running n8n as an AI agent orchestration platform, where admin access equates to full credential and workflow exfiltration.

What systems are affected?

Package: n8n
Ecosystem: npm
Vulnerable range: >= 2.0.0-rc.0, < 2.4.0
Patched: 2.4.0

Do you use n8n? You're affected.

How severe is it?

CVSS 3.1
8.2 / 10
EPSS
0.3%
chance of exploitation in 30 days
Higher than 24% of all CVEs
Exploitation Status
No known exploitation
Sophistication
Moderate

What is the attack surface?

AV (Attack Vector): Network
AC (Attack Complexity): High
PR (Privileges Required): Low
UI (User Interaction): None
S (Scope): Changed
C (Confidentiality): High
I (Integrity): High
A (Availability): None

What should I do?

6 steps

  1. PATCH: Upgrade n8n to 2.4.0 (v2 branch) or 1.121.0 (v1 branch) immediately.

  2. INTERIM: If patching is delayed, disable LDAP authentication via n8n admin settings.

  3. LDAP HARDENING: Restrict LDAP directory ACLs so users cannot modify their own mail/email attributes — enforce this via AD Group Policy or LDAP ACL review.

  4. AUDIT: Query the n8n database for accounts with both ldap_id and a local password set; flag unexpected LDAP-to-local linkages, especially on admin accounts.

  5. DETECT: Review n8n access logs for admin logins from LDAP-sourced sessions that predate the account's normal admin tenure.

  6. POST-PATCH: Rotate all credentials stored in n8n workflows as a precaution if LDAP was active and accounts were not audited.

What does CISA's SSVC say?

Decision Track
Exploitation none
Automatable No
Technical Impact total

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Art.9 - Risk management system for high-risk AI
ISO 42001
A.6.2.6 - Access control for AI systems
NIST AI RMF
GOVERN-1.7 - Processes and procedures for AI risk management
MANAGE-2.2 - Mechanisms to respond to AI risks
OWASP LLM Top 10
LLM08 - Excessive Agency

Frequently Asked Questions

What is CVE-2026-33665?

If your n8n deployment uses LDAP authentication, patch to version 2.4.0 or 1.121.0 immediately — any low-privilege LDAP user who can edit their own email attribute can permanently hijack admin accounts. n8n agents typically hold API keys, database credentials, and broad tool access, making admin takeover a full-blast-radius compromise. If patching is not immediate, disable LDAP auth and audit all LDAP-linked accounts now.

Is CVE-2026-33665 actively exploited?

No confirmed active exploitation of CVE-2026-33665 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-33665?

1. PATCH: Upgrade n8n to 2.4.0 (v2 branch) or 1.121.0 (v1 branch) immediately.
2. INTERIM: If patching is delayed, disable LDAP authentication via n8n admin settings.
3. LDAP HARDENING: Restrict LDAP directory ACLs so users cannot modify their own mail/email attributes — enforce this via AD Group Policy or LDAP ACL review.
4. AUDIT: Query the n8n database for accounts with both ldap_id and a local password set; flag unexpected LDAP-to-local linkages, especially on admin accounts.
5. DETECT: Review n8n access logs for admin logins from LDAP-sourced sessions that predate the account's normal admin tenure.
6. POST-PATCH: Rotate all credentials stored in n8n workflows as a precaution if LDAP was active and accounts were not audited.

What systems are affected by CVE-2026-33665?

This vulnerability affects the following AI/ML architecture patterns: agent frameworks, AI workflow orchestration, multi-tool agent pipelines, model serving integrations.

What is the CVSS score for CVE-2026-33665?

CVE-2026-33665 has a CVSS v3.1 base score of 8.2 (HIGH). The EPSS exploitation probability is 0.32%.

What is the AI security impact?

Affected AI Architectures

agent frameworks
AI workflow orchestration
multi-tool agent pipelines
model serving integrations

MITRE ATLAS Techniques

AML.T0012 Valid Accounts
AML.T0049 Exploit Public-Facing Application
AML.T0053 AI Agent Tool Invocation
AML.T0081 Modify AI Agent Configuration
AML.T0083 Credentials from AI Agent Configuration

Compliance Controls Affected

EU AI Act: Art.9
ISO 42001: A.6.2.6
NIST AI RMF: GOVERN-1.7, MANAGE-2.2
OWASP LLM Top 10: LLM08

What are the technical details?

Original Advisory

n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could control their own LDAP email attribute could set it to match another user's email — including an administrator's — and upon login gain full access to that account. The account linkage persisted even if the LDAP email was later reverted, resulting in a permanent account takeover. LDAP authentication must be configured and active (non-default). The issue has been fixed in n8n versions 2.4.0 and 1.121.0. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Disable LDAP authentication until the instance can be upgraded, restrict LDAP directory permissions so that users cannot modify their own email attributes, and/or audit existing LDAP-linked accounts for unexpected account associations. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Exploitation Scenario

An adversary gains or already holds a low-privilege LDAP account (via phishing, credential stuffing, or insider threat). They identify the email address of an n8n administrator — often findable via LinkedIn, company directory, or OSINT. They modify their own LDAP email attribute (e.g., using self-service LDAP tools or compromised LDAP write access) to match the admin's email. On next login to n8n, the platform automatically links their LDAP identity to the admin's local account. The attacker now has full admin access, can read all stored workflow credentials (LLM API keys, database passwords, SaaS OAuth tokens), modify AI agent workflows to exfiltrate data or pivot laterally, and maintain persistent access even after reverting their LDAP email. In an AI agent context, they could silently add a webhook exfiltration step to every pipeline that processes sensitive data.
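The TypeScript below is an added illustration of the CWE-287 pattern the advisory and the scenario above describe, not n8n's own code: an LDAP login step that trusts the directory-supplied e-mail as proof of identity and silently binds the LDAP identity to whichever local account carries that e-mail, beside one hardened variant that refuses such a collision and raises an alert for administrator review. The account records, names and the specific fix strategy are assumptions for the example and are not n8n's implementation.

```typescript
// Simplified local account store (constructed for this example, not n8n's schema).
type User = { id: number; email: string; role: "admin" | "member"; hasPassword: boolean; ldapDn?: string };
type LdapIdentity = { dn: string; email: string };

// Constructed sample accounts: one password-backed local admin, one ordinary member.
function sampleUsers(): User[] {
  return [
    { id: 1, email: "admin@example.test", role: "admin", hasPassword: true },
    { id: 2, email: "alice@example.test", role: "member", hasPassword: true },
  ];
}

function findByEmail(users: User[], email: string): User | undefined {
  return users.find(u => u.email.toLowerCase() === email.toLowerCase());
}

// Vulnerable pattern: an LDAP identity with a matching e-mail is attached to the
// existing local account. Once bound by DN, the link outlives any later e-mail change.
function linkVulnerable(users: User[], ldap: LdapIdentity): User | null {
  const byDn = users.find(u => u.ldapDn === ldap.dn);
  if (byDn) return byDn;                       // already linked: e-mail no longer consulted
  const byEmail = findByEmail(users, ldap.email);
  if (byEmail) {
    byEmail.ldapDn = ldap.dn;                  // permanent linkage to someone else's account
    return byEmail;
  }
  return null;
}

// Hardened pattern (assumed fix strategy): a DN resolves only to an account already bound
// to that DN or to a freshly created LDAP-only account. A collision with an existing
// local account is refused and surfaced so an administrator can review the linkage.
function linkHardened(users: User[], ldap: LdapIdentity): { user: User | null; alert?: string } {
  const byDn = users.find(u => u.ldapDn === ldap.dn);
  if (byDn) return { user: byDn };
  const byEmail = findByEmail(users, ldap.email);
  if (byEmail) {
    const alert = `LDAP dn=${ldap.dn} presented e-mail of local user id=${byEmail.id} ` +
      `(role=${byEmail.role}, hasPassword=${byEmail.hasPassword}); auto-link refused`;
    return { user: null, alert };
  }
  const created: User = { id: users.length + 1, email: ldap.email, role: "member",
    hasPassword: false, ldapDn: ldap.dn };
  users.push(created);
  return { user: created };
}
```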

Weaknesses (CWE)

CWE-287 — Improper Authentication: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

  • [Architecture and Design] Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Timeline

Published
March 25, 2026
Last Modified
March 27, 2026
First Seen
March 25, 2026
