CVE-2026-56360

CVE-2026-56360CVE-2026-56360

n8n / n8n

Description

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data.

Scoring

CVSS 4.0 ()
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Last modified2026-07-08
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.