Authentication Bypass in n8n Chat Trigger Node by n8n
CVE-2026-56353

6.3MEDIUM

Key Information:

Vendor

N8n

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-56353?

The n8n platform has a significant vulnerability in the Chat Trigger node when using n8n User Auth configuration. In versions prior to 1.123.22 and between 2.0.0 to 2.9.2, and including version 2.10.0, an attacker can exploit the authentication check on the Chat Trigger webhook endpoint, enabling unauthorized access without valid credentials. The issue has been addressed in the subsequent releases 1.123.22, 2.9.3, and 2.10.1, reinforcing the need for users to update their instances to safeguard against potential exploitation.

Affected Version(s)

n8n 0 < 1.123.22

n8n 2.0.0 < 2.9.3

n8n 2.10.0 < 2.10.1

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

sm1ee
.