Description
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.
Published: 2026-06-30
Score: 6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

n8n before version 2.8.0 contains an authentication bypass that lets authenticated SSO users disable the system’s SSO enforcement via the API. This allows an attacker to create local password credentials and authenticate directly, circumventing the organization’s SSO policies and any multi‑factor authentication enforced at the identity provider. The weakness is an authorization flaw (CWE‑285) that can lead to unauthorized credential creation and potential escalation of privileges.

Affected Systems

The affected product is the n8n workflow automation platform. All releases before 2.8.0 are affected; no release from 2.8.0 onward has been documented as vulnerable.

Risk and Exploitability

The CVSS score of 6 indicates moderate severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the attack requires an existing authenticated SSO account and the ability to send API requests, the likely vector is remote exploitation of the API from an already-authenticated account. An attacker who disables SSO enforcement can create local logins and then use those credentials to bypass MFA and other identity-provider controls, potentially enabling further lateral movement or elevated privileges.

Generated by OpenCVE AI on June 30, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 2.8.0 or later, which removes the API endpoint that allows disabling SSO enforcement.
  • Restrict API access to trusted administrators only by enabling IP whitelisting or role‑based access controls.
  • Disable local password authentication in the n8n configuration if not needed, preventing new local credentials from being created via API.
  • Monitor configuration changes to SSO enforcement settings and audit API usage logs for unexpected modifications.


Advisories

No advisories yet.

History

Tue, 30 Jun 2026 22:45:00 +0000

Type | Values Removed | Values Added
Description | | n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.
Title | | n8n - SSO Enforcement Bypass via API
First Time appeared | | N8n, N8n n8n
Weaknesses | | CWE-285
CPEs | | cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*
Vendors & Products | | N8n, N8n n8n
References | |
Metrics | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N'}
Metrics | | cvssV4_0: {'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-30T22:08:34.810Z

Reserved: 2026-06-20T18:13:07.364Z

Link: CVE-2026-56350

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T23:30:04Z

Weaknesses