CVE-2026-33665 describes a Privilege Escalation vulnerability affecting n8n, an open-source workflow automation platform. This flaw allows authenticated LDAP users to potentially gain unauthorized access to administrator accounts by manipulating their LDAP email attribute. The vulnerability impacts versions 2.0.0-rc.0 through 2.3.9, and a fix is available in version 2.4.0.
The primary impact of CVE-2026-33665 is unauthorized account takeover. An attacker who can control their LDAP email attribute can manipulate it to match the email address of an existing local account, including an administrator. Upon subsequent login via LDAP, the attacker's identity will be linked to the target account, granting them full access to its privileges and data. This persistent linkage means that even if the attacker reverts the LDAP email attribute, the account takeover remains permanent. The potential for data exfiltration, system compromise, and disruption of automated workflows is significant.
This vulnerability was publicly disclosed on March 25, 2026. While no active exploitation campaigns have been publicly reported, the ease of exploitation and the potential impact make it a high-priority concern. There are currently no known public proof-of-concept exploits. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Organizations utilizing n8n with LDAP authentication, particularly those with administrator accounts sharing email domains with LDAP users, are at significant risk. Shared hosting environments where multiple users share LDAP credentials are also particularly vulnerable.
• nodejs: Monitor n8n logs for unusual account linking events or LDAP authentication errors.
  grep -i 'ldap account linked' /var/log/n8n/n8n.log
• generic web: Check the n8n configuration files to see whether LDAP authentication is enabled, and review LDAP user permissions.
  grep ldap /etc/n8n/config.yaml
• generic web: Monitor access logs for unusual login patterns or attempts to modify user email addresses.
  grep -i 'email update' /var/log/apache2/access.log
Exploitation status
EPSS: 0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-33665 is to upgrade n8n to version 2.4.0 or later, which contains the fix. If immediate upgrading is not possible, consider disabling LDAP authentication temporarily. As a workaround, restrict the ability to modify the LDAP email attribute to authorized users only. Implement strict email validation policies to prevent attackers from manipulating email addresses. Regularly audit user accounts and LDAP configurations for any suspicious activity.
Update n8n to version 2.4.0 or later, or to version 1.121.0 or later. If updating immediately is not possible, disable LDAP authentication, restrict permissions in the LDAP directory so that users cannot modify their email attribute, or audit existing LDAP-linked accounts to detect unexpected account associations. These workarounds are temporary measures.
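As an added illustration (not n8n's code, and not part of this advisory), the JavaScript below shows the link-by-email mistake described in the impact section next to a hardened linking routine that resolves a returning LDAP user only by the DN recorded at first login and refuses to attach an LDAP identity to an account that authenticates another way. It also includes a small audit of the kind the workaround above suggests: listing LDAP-linked accounts that hold an elevated role, lack a stored DN, or share a DN with another account. Every user record, DN, email address and function name is constructed for the example.

```javascript
// Added illustration (not n8n's code): link-by-email account takeover pattern,
// a hardened linking routine, and an audit over existing LDAP links.
// All user records, DNs and email addresses below are constructed.

// Fresh copy of a constructed local user table for each scenario.
function makeUsers() {
  return [
    { id: 'u1', email: 'owner@example.test', role: 'owner', authMethod: 'email', ldapId: null },
    { id: 'u2', email: 'alice@example.test', role: 'member', authMethod: 'ldap',
      ldapId: 'uid=alice,ou=people,dc=example,dc=test' },
  ];
}

const norm = (s) => s.trim().toLowerCase();

// Vulnerable pattern: the local account is chosen by the LDAP mail attribute, which a
// directory user may be able to edit, and whatever account matches is silently attached.
function unsafeLdapLogin(entry, db) {
  const match = db.find((u) => norm(u.email) === norm(entry.mail));
  if (match) {
    match.authMethod = 'ldap'; // persists even if the mail attribute is later changed back
    match.ldapId = entry.dn;
    return match;
  }
  const created = { id: `u${db.length + 1}`, email: entry.mail, role: 'member',
    authMethod: 'ldap', ldapId: entry.dn };
  db.push(created);
  return created;
}

// Hardened pattern: resolve a returning user only by the DN stored at first login,
// never attach an LDAP identity to an account that authenticates another way, and
// treat an email collision with such an account as an error for an admin to resolve.
function safeLdapLogin(entry, db) {
  const byDn = db.find((u) => u.authMethod === 'ldap' && u.ldapId === entry.dn);
  if (byDn) return byDn;
  const collision = db.find((u) => norm(u.email) === norm(entry.mail));
  if (collision) {
    throw new Error(`refusing to link ${entry.dn}: ${entry.mail} already belongs to ` +
      `account ${collision.id} (${collision.authMethod})`);
  }
  const created = { id: `u${db.length + 1}`, email: entry.mail, role: 'member',
    authMethod: 'ldap', ldapId: entry.dn };
  db.push(created);
  return created;
}

// Audit for the workaround the advisory suggests: flag LDAP-linked accounts that hold
// an elevated role, have no stored DN, or share a DN with another account.
function auditLdapLinks(db) {
  const findings = [];
  const seenDn = new Map();
  for (const u of db) {
    if (u.authMethod !== 'ldap') continue;
    if (u.role === 'owner' || u.role === 'admin') {
      findings.push({ id: u.id, reason: 'ldap-linked account holds elevated role' });
    }
    if (!u.ldapId) {
      findings.push({ id: u.id, reason: 'ldap-linked account has no stored DN' });
      continue;
    }
    if (seenDn.has(u.ldapId)) {
      findings.push({ id: u.id, reason: `DN also linked to ${seenDn.get(u.ldapId)}` });
    } else {
      seenDn.set(u.ldapId, u.id);
    }
  }
  return findings;
}

// Constructed LDAP entry whose editable mail attribute has been set to the owner's address.
const rogueEntry = { dn: 'uid=mallory,ou=people,dc=example,dc=test', mail: 'owner@example.test' };

// Runs both linking routines against the same entry and audits the weakly linked table.
function demo() {
  const weak = makeUsers();
  const hijacked = unsafeLdapLogin(rogueEntry, weak); // hands back the owner account

  const hardened = makeUsers();
  let refused = false;
  try { safeLdapLogin(rogueEntry, hardened); } catch (e) { refused = true; }

  return { hijackedRole: hijacked.role, refused, findings: auditLdapLinks(weak) };
}

console.log(JSON.stringify(demo(), null, 2));
```

The audit is what makes the workaround actionable after the fact: because the weak routine rewrites the victim's `authMethod` and `ldapId` in place, reverting the mail attribute does not undo the link, but the LDAP-linked owner account it leaves behind is exactly what `auditLdapLinks` surfaces.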
CVE-2026-33665 is a vulnerability in n8n versions from 2.0.0-rc.0 up to but not including 2.4.0, where LDAP authentication allows attackers to link LDAP identities to local accounts, potentially gaining administrator access.
You are affected if you are using n8n versions 2.0.0-rc.0 through 2.3.9 and have LDAP authentication enabled.
Upgrade n8n to version 2.4.0 or later. As a temporary workaround, disable LDAP authentication or restrict email attribute modification.
No active exploitation campaigns have been publicly reported, but the vulnerability's ease of exploitation warrants immediate attention.
Refer to the official n8n security advisory on their website or GitHub repository for detailed information and updates.