← back
CVE-2026-56350

n8n - SSO Enforcement Bypass via API

CVSS 6 MEDIUMEPSS 0.3%CWE-285
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
30 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
n8n · n8n

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →