CVE-2026-56350

MEDIUM

n8n - SSO Enforcement Bypass via API

Title source: cna

Description

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

References (2)

Core References
Vendor Advisory
GitHub Security Advisory (GHSA-vjf3-2gpj-233v)
https://github.com/n8n-io/n8n/security/advisories/GHSA-vjf3-2gpj-233v
Third Party Advisory
VulnCheck Advisory: n8n - SSO Enforcement Bypass via API
https://www.vulncheck.com/advisories/n8n-sso-enforcement-bypass-via-api

Scores

CVSS v3: 6.3
EPSS: 0.0028
EPSS Percentile: 19.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-285
Status: published
Products (2)
n8n/n8n < 2.8.0 (2 CPE variants)
n8n/n8n 2.8.0
Published: Jun 30, 2026
Tracked Since: Jul 01, 2026