Description

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

Severity (CVSS)

Base score: 6
Severity: Medium
Version: CVSS 4.0
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Provided by: CNA

Weaknesses

  • CWE-285 — Improper Authorization

Affected products

Vendor: n8n
Product: n8n
Versions: 0 to <2.8.0; 2.8.0

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 01 Jul 2026 07:05 UTC.