CVE-2026-21894
n8n (open-source workflow automation) contains an authentication bypass in the Stripe Trigger node. In versions 0.150.0 through 2.2.1, the Stripe Trigger creates/stores a webhook signing secret but does not verify incoming Stripe webhook requests against it, allowing unauthenticated parties who k...