CVE-2026-56350

MEDIUM 6.3 (CVSS 3.1)

Description
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

Metadata

CVE ID: CVE-2026-56350
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-20 18:13 UTC
Published: 2026-06-30 22:08 UTC
Last updated: 2026-06-30 22:08 UTC
Primary CWE: CWE-285 (Improper Authorization)
Vendor / Product: n8n / n8n
Sources: cve.org · NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
Affected products (1)
Vendor | Product | Platform | Versions
n8n | n8n | | 0 < 2.8.0, 2.8.0
Weakness (CWE)
CWE | Source | Description
CWE-285 | cna | Improper Authorization
CVSS scores (2)
Score | Severity | Version | Source | Vector
6.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
6.0 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
References (2)