CVE-2026-56349
MEDIUM
6.3
CVSS 4.0
Description
n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity.
Metadata
Severity & Metrics
6.3
MEDIUM CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| n8n | n8n | — | 0 < 2.10.0, 2.10.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-20 | cna | Improper Input Validation |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
References (2)
- GitHub Security Advisory (GHSA-fvfv-ppw4-7h2w) https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w
- VulnCheck Advisory: n8n - Guardrail Node Bypass via Crafted Input https://www.vulncheck.com/advisories/n8n-guardrail-node-bypass-via-crafted-input