PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56353 n8n CVE debrief

CVE-2026-56353 is an authentication bypass vulnerability in the Chat Trigger node of n8n, a workflow automation tool. The vulnerability occurs when the Chat Trigger node is configured with n8n User Auth, a non-default configuration. In affected versions, including before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0, the authentication check on the Chat Trigger webhook endpoint can be circumvented, allowing access without valid credentials.

Vendor
n8n
Product
Unknown
CVSS
MEDIUM 6.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-15
Original CVE updated
2026-07-16
Advisory published
2026-07-15
Advisory updated
2026-07-16

Who should care

Users of n8n who have configured the Chat Trigger node with n8n User Auth should be aware of this vulnerability. This includes those using versions before 1.123.22, within the 2.0.0 through 2.9.2 line, and 2.10.0. System administrators and developers using n8n for workflow automation should verify their configurations and update to patched versions if necessary.

Technical summary

The CVE-2026-56353 vulnerability is caused by an authentication bypass in the Chat Trigger node of n8n. Specifically, when the Chat Trigger node is configured with n8n User Auth, the authentication check on the webhook endpoint can be circumvented. This allows unauthorized access to the endpoint without valid credentials. The vulnerability affects multiple version ranges of n8n: before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0. The CVSS score for this vulnerability is 6.3, classified as MEDIUM severity.

Defensive priority

Medium priority should be given to updating n8n to a patched version, as the vulnerability allows for unauthorized access to the Chat Trigger webhook endpoint. System administrators should verify their n8n configurations and ensure that the Chat Trigger node is not using n8n User Auth or update to a fixed version: 1.123.22, 2.9.3, or 2.10.1.

Recommended defensive actions

  • Verify n8n configurations to ensure the Chat Trigger node is not using n8n User Auth.
  • Update to a patched version of n8n: 1.123.22, 2.9.3, or 2.10.1.
  • Monitor for suspicious activity on the Chat Trigger webhook endpoint.
  • Consider compensating controls such as additional authentication mechanisms for the Chat Trigger node.
  • Perform an asset inventory to identify potentially exposed systems.
  • Review the change management process for updating n8n to ensure timely application of security patches.
  • Track the status of n8n updates and vulnerability mitigation efforts.

Evidence notes

The CVE record was published on 2026-07-15T12:18:02.580Z and was last modified on 2026-07-16T20:09:02.550Z. The NVD entry is currently Analyzed. The vulnerability details are based on the official CVE record and NVD information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T12:18:02.580Z and has not been modified since then. The NVD entry is currently Analyzed.