n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
Platform: nodejs
Component: n8n
Fixed in: 1.121.1, 2.0.1
CVE-2026-33665 describes a Privilege Escalation vulnerability affecting n8n, an open-source workflow automation platform. This flaw allows authenticated LDAP users to potentially gain unauthorized access to administrator accounts by manipulating their LDAP email attribute. The vulnerability impacts versions 2.0.0-rc.0 through 2.3.9, and a fix is available in version 2.4.0.
Impact and Attack Scenarios
The primary impact of CVE-2026-33665 is unauthorized account takeover. An attacker who can control their LDAP email attribute can manipulate it to match the email address of an existing local account, including an administrator. Upon subsequent login via LDAP, the attacker's identity will be linked to the target account, granting them full access to its privileges and data. This persistent linkage means that even if the attacker reverts the LDAP email attribute, the account takeover remains permanent. The potential for data exfiltration, system compromise, and disruption of automated workflows is significant.
Exploitation Context
This vulnerability was publicly disclosed on March 25, 2026. While no active exploitation campaigns have been publicly reported, the ease of exploitation and the potential impact make it a high-priority concern. There are currently no known public proof-of-concept exploits. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Who Is at Risk
Organizations utilizing n8n with LDAP authentication, particularly those with administrator accounts sharing email domains with LDAP users, are at significant risk. Shared hosting environments where multiple users share LDAP credentials are also particularly vulnerable.
Detection Steps
• nodejs: Monitor n8n logs for unusual account linking events or LDAP authentication errors.
  grep -i 'ldap account linked' /var/log/n8n/n8n.log
• generic web: Check n8n configuration files for LDAP authentication being enabled and review LDAP user permissions.
  grep ldap /etc/n8n/config.yaml
• generic web: Monitor access logs for unusual login patterns or attempts to modify user email addresses.
  grep -i 'email update' /var/log/apache2/access.log
Attack Timeline
- Disclosure
Threat Intelligence
Exploit Status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS Vector
What do these metrics mean?
- Attack Vector
- Network: exploitable remotely over the internet. No physical or local access required.
- Attack Complexity
- High: requires a race condition, a non-default configuration or specific circumstances.
- Privileges Required
- Low: any valid user account is sufficient.
- User Interaction
- None: the attack is automatic and silent. The victim does nothing.
- Scope
- Changed: the attack can pivot beyond the vulnerable component.
- Confidentiality
- High: total loss of confidentiality. The attacker can read all data.
- Integrity
- High: the attacker can write, modify or delete any data.
- Availability
- None: no impact on availability.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2026-33665 is to upgrade n8n to version 2.4.0 or later, which contains the fix. If immediate upgrading is not possible, consider disabling LDAP authentication temporarily. As a workaround, restrict the ability to modify the LDAP email attribute to authorized users only. Implement strict email validation policies to prevent attackers from manipulating email addresses. Regularly audit user accounts and LDAP configurations for any suspicious activity.
How to fix
Upgrade n8n to version 2.4.0 or later, or to version 1.121.0 or later. If upgrading is not immediately possible, disable LDAP authentication, restrict LDAP directory permissions so that users cannot modify their own email attribute, or audit the existing LDAP-linked accounts to detect unexpected account associations. These workarounds are temporary.
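To make the audit step concrete, the following is an added example (not n8n's own code) that scans a snapshot of LDAP-linked identities for the indicators this advisory describes: an LDAP identity attached to a privileged local account, a link created after the local account already existed, and a directory email that no longer matches the linked account (the case where the attacker reverts the attribute after the takeover). The record shapes, role names and all sample data are constructed assumptions, not n8n's actual schema.

```javascript
// Added example, not n8n code. Record shapes and sample data are constructed.

// Constructed snapshot of local n8n accounts (field names assumed).
const users = [
  { id: 'u1', email: 'owner@corp.example', role: 'global:owner',  createdAt: '2025-01-10T09:00:00Z' },
  { id: 'u2', email: 'alice@corp.example', role: 'global:member', createdAt: '2025-03-02T11:30:00Z' },
  { id: 'u3', email: 'bob@corp.example',   role: 'global:member', createdAt: '2025-06-15T08:05:00Z' },
];

// Constructed snapshot of provider-to-user links (field names assumed).
const authIdentities = [
  { userId: 'u1', providerType: 'ldap', providerId: 'mallory', linkedAt: '2026-03-20T14:12:00Z' },
  { userId: 'u2', providerType: 'ldap', providerId: 'alice',   linkedAt: '2025-03-02T11:30:00Z' },
  { userId: 'u3', providerType: 'ldap', providerId: 'bob',     linkedAt: '2025-06-15T08:05:00Z' },
];

// Constructed current view of the LDAP directory, keyed by login attribute.
// 'mallory' already reverted the mail attribute after the link was created.
const ldapDirectory = {
  mallory: { mail: 'mallory@corp.example' },
  alice:   { mail: 'alice@corp.example' },
  bob:     { mail: 'bob@corp.example' },
};

const PRIVILEGED_ROLES = new Set(['global:owner', 'global:admin']);

// Returns one finding per suspicious LDAP link, with the reasons it was flagged.
function auditLdapLinks(users, identities, directory) {
  const byId = new Map(users.map((u) => [u.id, u]));
  const findings = [];
  for (const ident of identities) {
    if (ident.providerType !== 'ldap') continue;
    const user = byId.get(ident.userId);
    if (!user) continue;
    const reasons = [];
    // 1. LDAP identity bound to a privileged local account.
    if (PRIVILEGED_ROLES.has(user.role)) reasons.push('linked-to-privileged-account');
    // 2. Link created after the account existed: the account was not provisioned by LDAP.
    if (new Date(ident.linkedAt) > new Date(user.createdAt)) reasons.push('linked-after-account-creation');
    // 3. Directory mail no longer equals the linked account's email (possible revert).
    const entry = directory[ident.providerId];
    const mail = entry && entry.mail ? entry.mail.toLowerCase() : null;
    if (mail !== user.email.toLowerCase()) reasons.push('directory-email-mismatch');
    if (reasons.length) findings.push({ userId: user.id, email: user.email, providerId: ident.providerId, reasons });
  }
  return findings;
}

console.log(JSON.stringify(auditLdapLinks(users, authIdentities, ldapDirectory), null, 2));
```

Any finding with all three reasons is the pattern this advisory describes and should be compared against the account's expected owner before the link is removed.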
Frequently Asked Questions
What is CVE-2026-33665 — Privilege Escalation in n8n?
CVE-2026-33665 is a vulnerability in n8n versions ≤ 2.0.0-rc.0 and < 2.4.0 where LDAP authentication allows attackers to link LDAP identities to local accounts, potentially gaining administrator access.
Am I affected by CVE-2026-33665 in n8n?
You are affected if you are using n8n versions 2.0.0-rc.0 through 2.3.9 and have LDAP authentication enabled.
How do I fix CVE-2026-33665 in n8n?
Upgrade n8n to version 2.4.0 or later. As a temporary workaround, disable LDAP authentication or restrict email attribute modification.
Is CVE-2026-33665 being actively exploited?
No active exploitation campaigns have been publicly reported, but the vulnerability's ease of exploitation warrants immediate attention.
Where can I find the official n8n advisory for CVE-2026-33665?
Refer to the official n8n security advisory on their website or GitHub repository for detailed information and updates.