Skip to main content

n8n EUVDEUVD-2026-44626

| CVE-2026-56353 MEDIUM
Improper Authentication (CWE-287)
2026-07-15 VulnCheck GHSA-455f-pg36-wx7g
6.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.8 MEDIUM

Non-default n8n User Auth configuration required maps to AC:H; no credentials or interaction needed; impact limited to low read and write on workflow data only.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 15, 2026 - 13:03 EUVD
Source Code Evidence Fetched
Jul 15, 2026 - 12:38 vuln.today
Analysis Generated
Jul 15, 2026 - 12:38 vuln.today

DescriptionCVE.org

n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth (a non-default configuration). In affected releases - before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 - the authentication check on the Chat Trigger webhook endpoint can be circumvented, allowing access without valid credentials. Fixed in 1.123.22, 2.9.3, and 2.10.1.

AnalysisAI

Authentication bypass in the n8n Chat Trigger node allows unauthenticated network access to protected webhook endpoints when the node is explicitly configured with n8n User Auth - a non-default operator setting. Affected releases span all 1.x builds before 1.123.22, the entire 2.0.0-2.9.2 range, and 2.10.0. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Discover publicly reachable n8n webhook URL
Delivery
Probe endpoint for n8n User Auth protection
Exploit
Craft HTTP request omitting valid credentials
Execution
Authentication check bypassed by flaw
Persist
Gain unauthorized access to chat workflow
Impact
Read or inject data into protected workflow

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target n8n instance has at least one active Chat Trigger node explicitly configured to use 'n8n User Auth' authentication - an option the operator must deliberately select, as it is not the default. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N) presents a nuanced picture. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker enumerates a publicly accessible n8n instance, identifies an active Chat Trigger webhook endpoint, and determines through probing or prior knowledge that the node is configured with n8n User Auth. The attacker sends a crafted HTTP request to the webhook URL without supplying valid credentials; the authentication check is bypassed and the server grants access, allowing the attacker to interact with the protected chat workflow - reading conversational context, triggering downstream workflow actions, or injecting data into automated pipelines. …
Remediation Upgrade n8n to a patched release: version 1.123.22 or later for the 1.x line, version 2.9.3 or later for the 2.9.x line, or version 2.10.1 or later for the 2.10.x line. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in N8n

View all
CVE-2026-21877 CRITICAL POC
9.9 Jan 08

n8n workflow automation (through 1.121.2) allows authenticated users to execute arbitrary code via the n8n service, with

CVE-2026-21858 CRITICAL POC
10.0 Jan 08

n8n workflow automation (1.65.0 to 1.121.0) allows unauthenticated file access through form-based workflows. A critical

CVE-2026-1470 CRITICAL POC
9.9 Jan 27

n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through craft

CVE-2026-33660 CRITICAL POC
9.4 Mar 25

An authenticated user with workflow creation or modification privileges in n8n workflow automation platform can exploit

CVE-2026-33665 HIGH POC
8.8 Mar 25

Authenticated n8n users can hijack administrator accounts when LDAP authentication is enabled by manipulating their LDAP

CVE-2023-27563 HIGH POC
8.8 May 10

The n8n package 0.218.0 for Node.js allows Escalation of Privileges. Rated high severity (CVSS 8.8), this vulnerability

CVE-2026-0863 HIGH POC
8.5 Jan 18

Authenticated users can exploit string formatting and exception handling in n8n's Python task executor to escape sandbox

CVE-2023-27564 HIGH POC
7.5 May 10

The n8n package 0.218.0 for Node.js allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2023-27562 MEDIUM POC
6.5 May 10

The n8n package 0.218.0 for Node.js allows Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is

CVE-2026-33724 MEDIUM POC
6.3 Mar 25

n8n versions prior to 2.5.0 contain a critical SSH host key verification bypass in the Source Control feature that allow

CVE-2026-33720 MEDIUM POC
6.3 Mar 25

This vulnerability in n8n (an open-source workflow automation platform) is an authentication bypass in the OAuth callbac

CVE-2026-27577 CRITICAL
9.9 Feb 25

Additional expression evaluation exploits in n8n before 2.10.1/2.9.3/1.123.22. Fourth distinct code execution path throu

Share

EUVD-2026-44626 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy