Authentication Bypass in n8n Chat Trigger Node by n8n
CVE-2026-56353
6.3MEDIUM
What is CVE-2026-56353?
The n8n platform has a significant vulnerability in the Chat Trigger node when using n8n User Auth configuration. In versions prior to 1.123.22 and between 2.0.0 to 2.9.2, and including version 2.10.0, an attacker can exploit the authentication check on the Chat Trigger webhook endpoint, enabling unauthorized access without valid credentials. The issue has been addressed in the subsequent releases 1.123.22, 2.9.3, and 2.10.1, reinforcing the need for users to update their instances to safeguard against potential exploitation.
Affected Version(s)
n8n 0 < 1.123.22
n8n 2.0.0 < 2.9.3
n8n 2.10.0 < 2.10.1
