PatchSiren

n8n CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM n8n CVE published 2026-06-22

CVE-2026-56357

CVE-2026-56357 is a medium-severity vulnerability in n8n, a workflow automation tool. The vulnerability exists in the GitHub Webhook Trigger node and allows attackers to send unsigned POST requests to trigger workflows with arbitrary data, effectively spoofing GitHub webhook events. This can be done by attackers who know the webhook URL. The vulnerability has a CVSS score of 6.3 and is classified as MEDIU [truncated]

MEDIUM n8n CVE published 2026-06-22

CVE-2026-56348

CVE-2026-56348 is a medium-severity credential exfiltration vulnerability in n8n before 2.20.0. The vulnerability exists in the POST /rest/dynamic-node-parameters/options endpoint and allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with credentials to unauthorized hosts, exfiltrating sensitive [truncated]

Known exploited n8n CVE published 2026-03-11

CVE-2025-68613

CVE-2025-68613 is an n8n vulnerability described as an improper control of dynamically-managed code resources issue. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2026-03-11, which means defenders should treat it as an urgent remediation item. The supplied corpus does not include affected versions, a CVSS score, or detailed exploit conditions, so the safest response is to identify a [truncated]