Webhook Forgery Vulnerability in n8n by n8n-io
CVE-2026-56360
6.3MEDIUM
What is CVE-2026-56360?
n8n before versions 1.123.18 and 2.6.2 contains a vulnerability where the ZendeskTrigger node does not properly verify HMAC-SHA256 signatures on incoming webhooks. This oversight allows attackers who possess the webhook URL to send unauthorized, unsigned POST requests, potentially triggering workflows with harmful data. This vulnerability emphasizes the importance of validating webhook signatures to secure automated processes against exploitation.
Affected Version(s)
n8n 0 < 1.123.18
n8n 2.0.0 < 2.6.2
n8n 1.123.18
