CVE-2026-56360
EUVD-2026-4225808.07.2026, 14:17
n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| n8n | n8n | 𝑥 < 1.123.18 | CNA |
| n8n | n8n | 2.0.0 ≤ 𝑥 < 2.6.2 | CNA |
Common Weakness Enumeration