CVE-2026-56350: n8n - SSO Enforcement Bypass via API

CVSS 6.3 · Medium · EPSS 0.26% · P17

Affected Version Matrix

Vendor | Product | Version Range | Status
n8n | n8n | < 2.8.0 | affected
n8n | n8n | 2.8.0 | unaffected

I. Basic Information for CVE-2026-56350

Vulnerability Information

Vulnerability Title
n8n - SSO Enforcement Bypass via API
Source: NVD (National Vulnerability Database)
Vulnerability Description
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Authorization
Source: NVD (National Vulnerability Database)
Vulnerability Title
n8n Authorization Issue Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
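n8n is an extensible open-source workflow automation tool from the company n8n. Versions of n8n before 2.8.0 contain an authorization issue vulnerability. It stems from an authentication bypass that allows authenticated SSO users to disable SSO enforcement through the API; attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.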
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
n8n | n8n | 0 ~ 2.8.0 | -

II. Public POCs for CVE-2026-56350

No public POC found.


III. Intelligence Information for CVE-2026-56350

Vendor Advisories for CVE-2026-56350 (2)

Same Patch Batch · n8n · 2026-06-30 · 3 CVEs total

CVE-2026-56356 · 5.4 MEDIUM · n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field
CVE-2026-56777 · 5.0 MEDIUM · n8n - AST Validator Bypass in Python Code Node

IV. Related Vulnerabilities
