CVE Catalog

CVE-2026-56350

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

An authentication bypass vulnerability in n8n before version 2.8.0 allows authenticated SSO users to disable SSO enforcement via the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

Risk Assessment

The organization loses control over authentication, potentially leading to unauthorized access to sensitive data and workflows, even when SSO and MFA are configured.

Recommendation

Immediately upgrade n8n to version 2.8.0 or later, which fixes this vulnerability.

Original NVD description (English source)

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS