Auth bypass in N8n
CVE-2026-56350
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizationa…
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N.
Affected products
- N8n — versions 0, 2.8.0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-56350?
- CVE-2026-56350 is a medium-severity vulnerability in N8n, classified under Improper Authorization. CVSS score: 6.3/10. Published 2026-06-30.
- How severe is CVE-2026-56350?
- Medium severity. CVSS v3 base score is 6.3 out of 10.