CVE-2026-56353 - CERT CVE
ID CVE-2026-56353
Sažetak n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth (a non-default configuration). In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Chat Trigger webhook endpoint can be circumvented, allowing access without valid credentials. Fixed in 1.123.22, 2.9.3, and 2.10.1.
Reference
CVSS
Base: 4.8
Impact: 2.5
Exploitability:2.2
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Zadnje važnije ažuriranje 15-07-2026 - 20:15
Objavljeno 15-07-2026 - 12:18