PT-2026-54039 · N8N · N8N
Stanislavfortaisle
·
Published
2026-06-30
·
Updated
2026-07-01
·
CVE-2026-56350
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
n8n versions prior to 2.8.0
Description
An authentication bypass exists that allows authenticated Single Sign-On (SSO) users to disable SSO enforcement via the API. This allows attackers to create local password credentials to authenticate directly, which bypasses organizational SSO policies and multi-factor authentication enforced by the identity provider.
Recommendations
Update to version 2.8.0 or later.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
N8N