PT-2026-56437 · N8N · N8N
Jjjutla
+1
·
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-56360
CVSS v3.1
4.0
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data.
Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
N8N