CVE-2026-56357

Published
View on NVD ↗
CVSS v3
4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhook events.

n8n-io/n8n
n8n-io/n8n
Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
GitHubGitHub
194K