Platform
nodejs
Component
n8n
Fixed in
1.121.1
2.0.1
CVE-2026-33665 is a privilege escalation vulnerability in n8n, an open-source workflow automation platform. An authenticated LDAP user who can change the email attribute on their own directory entry can get their LDAP identity linked to an existing local n8n account, including an administrator's, and then log in as that account. Versions 2.0.0-rc.0 through 2.3.9 are affected; the fix is in version 2.4.0.
The primary impact of CVE-2026-33665 is account takeover. On an LDAP login, n8n resolves which local account the LDAP identity belongs to, and the email address returned by the directory is used for that lookup. An attacker who sets their own LDAP email attribute to the address of an existing local account, such as the instance owner or another administrator, is linked to that account on their next LDAP login and receives all of its privileges and data. The link is stored on the local account rather than re-derived from the directory on each login, so reverting the email attribute afterwards does not undo the takeover. From an administrator account the attacker can read credentials stored in n8n, exfiltrate data processed by workflows, modify or disrupt automated workflows, and use workflow nodes to reach other systems.
This vulnerability was publicly disclosed on March 25, 2026. While no active exploitation campaigns have been publicly reported, the ease of exploitation and the potential impact make it a high-priority concern. There are currently no known public proof-of-concept exploits. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Exploit Status
EPSS
0.02% (4th percentile)
CISA SSVC
The primary mitigation for CVE-2026-33665 is to upgrade n8n to version 2.4.0 or later, which contains the fix. If an immediate upgrade is not possible, disable LDAP authentication temporarily. As a workaround, configure the directory so that ordinary users cannot edit their own email (mail) attribute; only directory administrators should be able to change it. Audit existing n8n accounts and their LDAP links for unexpected associations, in particular owner and administrator accounts that are linked to an LDAP identity whose current directory email does not match the account's email.
Upgrade n8n to version 2.4.0 or later, or to version 1.121.0 or later. If upgrading is not immediately possible, disable LDAP authentication, restrict LDAP directory permissions so that users cannot modify their email attributes, or audit existing LDAP-linked accounts for unexpected account associations. These workarounds are temporary.
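The following is an added example, not n8n's own code, to make the linking flaw described above and the audit workaround concrete. It models a minimal local user store and the LDAP search result for the user who just authenticated: the vulnerable login resolves an unlinked LDAP identity by the email the directory returned and silently links whatever local account has that address; the hardened login treats an email collision with a pre-existing account as an error instead of a match; and the audit helper compares stored links against what the directory currently says. The `LocalUser` and `LdapEntry` shapes, the `entryUUID`-based link, the sample records and the function names are all constructed for illustration and are not n8n's schema or API.

```typescript
// Added example, not n8n's code: models the LDAP-to-local account linking
// flaw described for CVE-2026-33665 next to a hardened variant, plus an audit
// over existing links. Every type, name and sample record here is constructed.

type Role = "owner" | "admin" | "member";

interface LocalUser {
  id: string;
  email: string;
  role: Role;
  authType: "email" | "ldap"; // how the account was created / signs in
  ldapId?: string;            // stable directory id this account is linked to
}

// What the directory returns for the user who just bound successfully.
interface LdapEntry {
  entryUUID: string; // stable, not editable by the user
  mail: string;      // editable by the user in the scenario on this page
}

// Constructed starting state: one local owner account, no LDAP links yet.
export function makeStore(): LocalUser[] {
  return [{ id: "u1", email: "owner@example.com", role: "owner", authType: "email" }];
}

// Create a fresh member account for an LDAP identity seen for the first time.
function provision(store: LocalUser[], entry: LdapEntry): LocalUser {
  const user: LocalUser = {
    id: `u${store.length + 1}`, email: entry.mail, role: "member",
    authType: "ldap", ldapId: entry.entryUUID,
  };
  store.push(user);
  return user;
}

// Vulnerable: resolve by linked LDAP id, otherwise by the email LDAP returned,
// and silently link whatever local account that email belongs to.
export function vulnerableLdapLogin(store: LocalUser[], entry: LdapEntry): LocalUser {
  const linked = store.find(u => u.ldapId === entry.entryUUID);
  if (linked) return linked; // once linked, the directory email no longer matters
  const byEmail = store.find(u => u.email.toLowerCase() === entry.mail.toLowerCase());
  if (!byEmail) return provision(store, entry);
  byEmail.authType = "ldap";
  byEmail.ldapId = entry.entryUUID; // takeover: persists after mail is reverted
  return byEmail;
}

// Hardened: never link an LDAP identity to a pre-existing account by email.
// An email collision is an error to surface, not a match to honour.
export function hardenedLdapLogin(store: LocalUser[], entry: LdapEntry): LocalUser {
  const linked = store.find(u => u.ldapId === entry.entryUUID);
  if (linked) return linked;
  const collision = store.find(u => u.email.toLowerCase() === entry.mail.toLowerCase());
  if (collision) {
    throw new Error(
      `refusing LDAP login: ${entry.mail} already belongs to ${collision.authType} account ${collision.id}`);
  }
  return provision(store, entry);
}

// Audit helper for the workaround: compare stored links against the directory
// and report accounts whose link no longer agrees with the directory.
export function auditLinks(store: LocalUser[], directory: LdapEntry[]): string[] {
  const byUUID = new Map<string, LdapEntry>();
  for (const e of directory) byUUID.set(e.entryUUID, e);
  const findings: string[] = [];
  for (const u of store) {
    if (u.ldapId) {
      const e = byUUID.get(u.ldapId);
      if (!e) {
        findings.push(`${u.id} (${u.role}): linked to unknown LDAP id ${u.ldapId}`);
      } else if (e.mail.toLowerCase() !== u.email.toLowerCase()) {
        findings.push(`${u.id} (${u.role}): linked LDAP id ${u.ldapId} now has mail ${e.mail}, account email is ${u.email}`);
      }
    } else if (u.role !== "member" &&
               directory.some(e => e.mail.toLowerCase() === u.email.toLowerCase())) {
      findings.push(`${u.id} (${u.role}): unlinked ${u.role} email also present in the directory`);
    }
  }
  return findings;
}
```

With the attacker's entry set to `owner@example.com`, `vulnerableLdapLogin` returns the owner account and writes the attacker's `entryUUID` onto it; a later login with the mail attribute reverted still resolves to the owner by `entryUUID`, which is the persistence the advisory describes. `hardenedLdapLogin` throws on the same input and leaves the store untouched, and `auditLinks` flags the taken-over account because its linked LDAP id now carries a different email than the account itself.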
CVE-2026-33665 is a vulnerability in n8n versions from 2.0.0-rc.0 up to but not including 2.4.0 in which LDAP authentication lets an attacker link their LDAP identity to an existing local account, potentially gaining administrator access.
You are affected if you are using n8n versions 2.0.0-rc.0 through 2.3.9 and have LDAP authentication enabled.
Upgrade n8n to version 2.4.0 or later. As a temporary workaround, disable LDAP authentication or restrict email attribute modification.
No active exploitation campaigns have been publicly reported, but the vulnerability's ease of exploitation warrants immediate attention.
Refer to the official n8n security advisory on their website or GitHub repository for detailed information and updates.