CVE-2026-56350
6
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n8n | n8n | 0 < 2.8.0 | affected |
| n8n | n8n | 2.8.0 | unaffected |
Weaknesses
- CWE-285: Improper Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/n8n-io/n8n/security/advisories/GHSA-vjf3-2gpj-233v
- https://www.vulncheck.com/advisories/n8n-sso-enforcement-bypass-via-api
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.