Skip to main content

n8n CVE-2026-56349

| EUVDEUVD-2026-44624 MEDIUM
Improper Input Validation (CWE-20)
2026-07-15 VulnCheck GHSA-9v3h-fx77-8r29
6.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network vector confirmed; no auth required for end-user input; crafting bypass input is low complexity; integrity-only impact with no confidentiality or availability consequence.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 15, 2026 - 13:03 EUVD
Source Code Evidence Fetched
Jul 15, 2026 - 12:39 vuln.today
Analysis Generated
Jul 15, 2026 - 12:39 vuln.today

DescriptionCVE.org

n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity.

AnalysisAI

Input validation bypass in n8n's Guardrail node (versions before 2.10.0) allows end users interacting with affected workflows to circumvent AI safety guardrail instructions through crafted inputs, undermining workflow integrity. Any n8n deployment running a workflow that incorporates the Guardrail node is exposed; instances not using that node are entirely unaffected regardless of version. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify n8n workflow with Guardrail node
Delivery
Access workflow input endpoint
Exploit
Craft prompt-bypass input
Execution
Submit malicious input to Guardrail node
Persist
Evade guardrail instruction matching
Impact
Downstream workflow processes prohibited content

Vulnerability AssessmentAI

Exploitation Exploitation requires that the targeted n8n instance is running a workflow that explicitly incorporates the Guardrail node - n8n deployments not using this component are entirely unaffected regardless of version, making this a feature-specific exposure. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 6.3 reflects a network-accessible (AV:N), low-complexity (AC:L) attack requiring no privileges (PR:N) or user interaction (UI:N), with a specific attack requirement present (AT:P) that limits exposure to deployments actively using the Guardrail node. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An external user with access to an n8n workflow endpoint (e.g., via a public webhook or form trigger) submits a specially structured input - likely a prompt-injection-style string - designed to confuse or evade the Guardrail node's instruction-matching logic, causing the workflow to process content that the administrator intended to block. No public proof-of-concept code has been identified, but the technique would involve probing the guardrail's natural-language pattern-matching with inputs that rephrase, encode, or fragment the prohibited content. …
Remediation The primary remediation is to upgrade n8n to version 2.10.0 or later; this is a vendor-released patch confirmed by both the GitHub Security Advisory GHSA-fvfv-ppw4-7h2w and upstream commit 8d0251d1deef256fd3d9176f05dedab62afde918 (https://github.com/n8n-io/n8n/commit/8d0251d1deef256fd3d9176f05dedab62afde918). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in N8n

View all
CVE-2026-21877 CRITICAL POC
9.9 Jan 08

n8n workflow automation (through 1.121.2) allows authenticated users to execute arbitrary code via the n8n service, with

CVE-2026-21858 CRITICAL POC
10.0 Jan 08

n8n workflow automation (1.65.0 to 1.121.0) allows unauthenticated file access through form-based workflows. A critical

CVE-2026-1470 CRITICAL POC
9.9 Jan 27

n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through craft

CVE-2026-33660 CRITICAL POC
9.4 Mar 25

An authenticated user with workflow creation or modification privileges in n8n workflow automation platform can exploit

CVE-2026-33665 HIGH POC
8.8 Mar 25

Authenticated n8n users can hijack administrator accounts when LDAP authentication is enabled by manipulating their LDAP

CVE-2023-27563 HIGH POC
8.8 May 10

The n8n package 0.218.0 for Node.js allows Escalation of Privileges. Rated high severity (CVSS 8.8), this vulnerability

CVE-2026-0863 HIGH POC
8.5 Jan 18

Authenticated users can exploit string formatting and exception handling in n8n's Python task executor to escape sandbox

CVE-2023-27564 HIGH POC
7.5 May 10

The n8n package 0.218.0 for Node.js allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2023-27562 MEDIUM POC
6.5 May 10

The n8n package 0.218.0 for Node.js allows Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is

CVE-2026-33724 MEDIUM POC
6.3 Mar 25

n8n versions prior to 2.5.0 contain a critical SSH host key verification bypass in the Source Control feature that allow

CVE-2026-33720 MEDIUM POC
6.3 Mar 25

This vulnerability in n8n (an open-source workflow automation platform) is an authentication bypass in the OAuth callbac

CVE-2026-27577 CRITICAL
9.9 Feb 25

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path throu

Share

CVE-2026-56349 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy