Lucene search
K

4 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.14 views

CVE-2026-56357

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhoo...

6.3CVSS0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.31 views

CVE-2026-56357

n8n’s GitHub Webhook Trigger node is affected in versions before 1.123.15 and 2.5.0 due to missing HMAC-SHA256 signature verification. This allows an attacker who knows the webhook URL to send unsigned POST requests, potentially triggering workflows with arbitrary data and spoofing GitHub webhook...

6.3CVSS6AI score0.00186EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.33 views

CVE-2026-56357 n8n - Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Trigger

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signature verification. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary data, spoofing GitHub webhoo...

6.3CVSS0.00186EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/26 3:58 p.m.4 views

User Impersonation

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the GitHub Webhook Trigger component. An attacker can trigger unauthorized workflow executions by sending unsigned POST requests to the webhook endpoint, thereby injecting...

6.3CVSS6.1AI score
Exploits0References2
Rows per page
Query Builder