CVE-2026-56349
6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n8n | n8n | 0 < 2.10.0 | affected |
| n8n | n8n | 2.10.0 | unaffected |
Weaknesses
- CWE-20: Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w
- https://www.vulncheck.com/advisories/n8n-guardrail-node-bypass-via-crafted-input
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.