Auth bypass in N8n

CVE-2026-56350

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizationa…

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N.

Affected products

  • N8n — versions 0, 2.8.0

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-56350?
CVE-2026-56350 is a medium-severity vulnerability in N8n, classified under Improper Authorization. CVSS score: 6.3/10. Published 2026-06-30.
How severe is CVE-2026-56350?
Medium severity. CVSS v3 base score is 6.3 out of 10.