Platform
nodejs
Component
n8n
Fixed in
1.121.1
2.0.1
CVE-2026-33665 describes a privilege escalation vulnerability in n8n, an open-source workflow automation platform. An authenticated LDAP user who can set their own LDAP email attribute can use it to take over an existing local account, including an administrator account. The vulnerability affects versions 2.0.0-rc.0 through 2.3.9, and a fix is available in version 2.4.0.
The primary impact of CVE-2026-33665 is account takeover. An attacker who controls their LDAP email attribute sets it to the email address of an existing local account, such as an administrator's. On the next LDAP login, n8n links the attacker's LDAP identity to that local account and grants the attacker all of its privileges and data. The linkage is stored persistently, so the takeover survives even if the attacker later reverts the LDAP email attribute. The consequences include exfiltration of credentials and data held in workflows, compromise of systems those workflows reach, and disruption of automation.
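The linking behaviour described above, as an added illustrative model rather than n8n's own code: the user-record shape, the `ldapDn` field, the role names and the function names are assumptions made for the example. The vulnerable flow resolves a freshly bound LDAP user by the directory's `mail` attribute and links whatever local account carries that address; the hardened variant treats the DN as the only identity the directory vouches for and refuses to link when the email already belongs to another account (deliberate linking of a pre-existing local account would then need an explicit administrator action).

```javascript
// Added illustrative model of the account-linking flaw; not n8n's code.
// User-record shape, `ldapDn` field and function names are assumptions.

// Constructed local user table. u-1 was created with password login and has
// never been linked to LDAP; u-2 is already linked to a directory entry.
function seedUsers() {
  return [
    { id: 'u-1', email: 'owner@example.com', role: 'owner',  ldapDn: null },
    { id: 'u-2', email: 'bob@example.com',   role: 'member', ldapDn: 'uid=bob,ou=people,dc=example,dc=com' },
  ];
}

// Provision a brand-new account for a directory entry seen for the first time.
function createUser(users, entry) {
  const user = { id: `u-${users.length + 1}`, email: entry.mail.toLowerCase(), role: 'member', ldapDn: entry.dn };
  users.push(user);
  return user;
}

const sameEmail = (a, b) => a.toLowerCase() === b.toLowerCase();

// Vulnerable flow: after a successful LDAP bind, resolve the account by DN if
// already linked, otherwise by the directory's `mail` attribute, and link
// whatever local account that email belongs to. The link is persisted.
function vulnerableLdapLogin(users, entry) {
  const linked = users.find(u => u.ldapDn === entry.dn);
  if (linked) return linked;
  const byEmail = users.find(u => sameEmail(u.email, entry.mail));
  if (byEmail) {
    byEmail.ldapDn = entry.dn; // the attacker's DN now owns this account
    return byEmail;
  }
  return createUser(users, entry);
}

// Hardened flow: the DN is the only identity the directory vouches for. An
// email that already belongs to an unlinked (password) account, or to an
// account linked to a different DN, is a collision and login is refused.
function hardenedLdapLogin(users, entry) {
  const linked = users.find(u => u.ldapDn === entry.dn);
  if (linked) return linked;
  const byEmail = users.find(u => sameEmail(u.email, entry.mail));
  if (byEmail) {
    throw new Error(`LDAP mail ${entry.mail} collides with existing account ${byEmail.id}; not linking`);
  }
  return createUser(users, entry);
}

// Scenario: mallory sets her own mail attribute to the owner's address, logs
// in, then reverts the attribute. The vulnerable flow still returns the owner.
function demo() {
  const mallory = { dn: 'uid=mallory,ou=people,dc=example,dc=com', mail: 'owner@example.com' };
  const users = seedUsers();
  const takeover = vulnerableLdapLogin(users, mallory);
  const reverted = vulnerableLdapLogin(users, { ...mallory, mail: 'mallory@example.com' });
  let refused = false;
  try { hardenedLdapLogin(seedUsers(), mallory); } catch (e) { refused = true; }
  return { takeoverRole: takeover.role, persisted: reverted.id === takeover.id, refused };
}

console.log(demo());
```

The point of the hardened variant is not the email comparison itself but where it sits: an email match is only ever a reason to stop, never a reason to attach a directory identity to an account that was not created through that directory.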
This vulnerability was publicly disclosed on March 25, 2026. While no active exploitation campaigns have been publicly reported, the ease of exploitation and the potential impact make it a high-priority concern. There are currently no known public proof-of-concept exploits. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Organizations running n8n with LDAP authentication are at risk, particularly where administrator or owner accounts were created locally with email addresses in the same domain as LDAP users, or where users can edit their own directory email attribute. Multi-tenant or shared environments in which many users authenticate through the same LDAP directory are especially exposed.
• nodejs: Monitor n8n logs for account-linking events or LDAP authentication errors. The log path and message text below are illustrative; n8n writes to stdout by default, so adjust them to your deployment.
grep -i 'ldap account linked' /var/log/n8n/n8n.log
• generic web: Check the n8n configuration for LDAP authentication being enabled and review LDAP user permissions (again, the path is illustrative; n8n is commonly configured through environment variables).
grep -i ldap /etc/n8n/config.yaml
• generic web: Monitor access logs for unusual login patterns or attempts to modify user email addresses.
grep -i 'email update' /var/log/apache2/access.log
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-33665 is to upgrade n8n to version 2.4.0 or later, which contains the fix. If an immediate upgrade is not possible, disable LDAP authentication temporarily. As a workaround, restrict write access to the LDAP email attribute so that only directory administrators can change it; the attribute is effectively an identity claim and must not be user-editable. Audit user accounts and LDAP-linked identities regularly for unexpected associations.
Upgrade n8n to version 2.4.0 or later, or to version 1.121.0 or later. If upgrading is not immediately possible, disable LDAP authentication, restrict LDAP directory permissions so that users cannot modify their own email attributes, and audit existing LDAP-linked accounts for unexpected account associations. These workarounds are temporary.
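One way to run the "audit existing LDAP-linked accounts" workaround, as an added example that is not part of the advisory or of n8n: it compares a snapshot of n8n users against the directory's current `mail` attribute per DN and flags privileged accounts that carry an LDAP link, links whose DN no longer exists, and links whose account email no longer matches the directory (the trace left when an attacker reverts the attribute after logging in). The record shapes, the role names and the `ldapDn` field are assumptions; produce the two snapshots from the n8n database and an `ldapsearch` export in whatever form your deployment allows.

```javascript
// Added audit helper for the LDAP-link review workaround; not n8n's code.
// User-record shape, role names and the directory snapshot format are assumptions.

// Constructed snapshot of n8n users; `ldapDn` is null for password-only accounts.
const USERS = [
  { id: 'u-1', email: 'owner@example.com', role: 'global:owner',  ldapDn: 'uid=mallory,ou=people,dc=example,dc=com' },
  { id: 'u-2', email: 'bob@example.com',   role: 'global:member', ldapDn: 'uid=bob,ou=people,dc=example,dc=com' },
  { id: 'u-3', email: 'carol@example.com', role: 'global:admin',  ldapDn: null },
];

// Constructed snapshot of the directory's current mail attribute, keyed by DN.
const DIRECTORY = {
  'uid=mallory,ou=people,dc=example,dc=com': 'mallory@example.com',
  'uid=bob,ou=people,dc=example,dc=com': 'bob@example.com',
};

const PRIVILEGED = new Set(['global:owner', 'global:admin']);

// Returns one finding per suspicious condition; an account can produce several.
function auditLdapLinks(users, directory) {
  const findings = [];
  for (const u of users) {
    if (!u.ldapDn) continue; // password-only accounts cannot be hijacked this way
    const currentMail = directory[u.ldapDn];
    if (currentMail === undefined) {
      findings.push({ id: u.id, reason: 'linked DN no longer exists in the directory' });
    } else if (currentMail.toLowerCase() !== u.email.toLowerCase()) {
      findings.push({ id: u.id, reason: `directory mail ${currentMail} differs from account email ${u.email}` });
    }
    if (PRIVILEGED.has(u.role)) {
      findings.push({ id: u.id, reason: `privileged role ${u.role} is linked to LDAP identity ${u.ldapDn}` });
    }
  }
  return findings;
}

console.log(auditLdapLinks(USERS, DIRECTORY));
```

A privileged account that is LDAP-linked is not proof of compromise, but every such link should be traceable to a deliberate decision; a link whose directory mail disagrees with the account email is the one to investigate first.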
CVE-2026-33665 is a vulnerability in n8n versions >= 2.0.0-rc.0 and < 2.4.0 where LDAP authentication allows attackers to link their LDAP identity to an existing local account, potentially gaining administrator access.
You are affected if you are using n8n versions 2.0.0-rc.0 through 2.3.9 and have LDAP authentication enabled.
Upgrade n8n to version 2.4.0 or later. As a temporary workaround, disable LDAP authentication or prevent users from modifying their own LDAP email attribute.
No active exploitation campaigns have been publicly reported, but the vulnerability's ease of exploitation warrants immediate attention.
Refer to the official n8n security advisory on their website or GitHub repository for detailed information and updates.