cvedb.io
CVE-2026-56350
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2026-06-30T23:17:30.867 · Last modified 2026-07-02T19:38:20.633

Summary

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

Affected products

n8n — n8n

Does this affect you?

Add your gear to cvedb and we'll alert you only when n8n ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.