
13 matches found

Github Security Blog
added 2026/06/16 7:00 p.m. | 5 views

n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes

Impact: The MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. Patches: The issue has been fixed in...

CVSS 6.3 | AI score 5.6 | EPSS 0.00054
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/06/16 12:00 a.m. | 14 views

PT-2026-50174

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.25.7; n8n versions prior to 2.26.2. Description: The MicrosoftAgent365Trigger and StripeTrigger nodes fail to validate inbound requests. This allows an unauthenticated attacker with knowledge of the webhook URL to submit a...

CVSS 7.2 | AI score 6 | EPSS 0.00054
Exploits: 0 | References: 3

Veracode
added 2026/01/15 12:49 p.m. | 10 views

Authentication Bypass

n8n is vulnerable to Authentication Bypass. The vulnerability is due to missing verification of Stripe webhook signatures in the Stripe Trigger node, which allows an attacker to send forged webhook requests and trigger workflows as if they were legitimate Stripe events...

CVSS 6.5 | AI score 5.5 | EPSS 0.00432
Exploits: 0 | References: 4 | Affected Software: 2

RedhatCVE
added 2026/01/10 5:40 a.m. | 5 views

CVE-2026-21894

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...

CVSS 6.5 | AI score 7.1 | EPSS 0.00432
Exploits: 0 | References: 1

NVD
added 2026/01/08 10:15 a.m. | 5 views

CVE-2026-21894

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...

CVSS 6.5 | EPSS 0.00432
Exploits: 0 | References: 3

CVE
added 2026/01/08 9:56 a.m. | 15 views

CVE-2026-21894

n8n (open-source workflow automation) contains an authentication bypass in the Stripe Trigger node. In versions 0.150.0 through 2.2.1, the Stripe Trigger creates/stores a webhook signing secret but does not verify incoming Stripe webhook requests against it, allowing unauthenticated parties who k...

CVSS 6.5 | AI score 6.8 | EPSS 0.00432
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/01/08 9:56 a.m. | 23 views

CVE-2026-21894 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...

CVSS 6.5 | EPSS 0.00432
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/08 9:56 a.m. | 3 views

CVE-2026-21894 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...

CVSS 6.5 | AI score 6.8 | EPSS 0.00432
Exploits: 0 | References: 3

OSV
added 2026/01/08 9:56 a.m. | 5 views

CVE-2026-21894 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...

CVSS 6.5 | AI score 6.8 | EPSS 0.00432
Exploits: 0 | References: 5

CNNVD
added 2026/01/08 12:00 a.m. | 6 views

n8n Security Vulnerability

n8n is a scalable workflow automation tool from the open-source n8n project. A security vulnerability exists in n8n versions from 0.150.0 to before 2.2.2 that stems from an authentication bypass in the Stripe Trigger node, which could result in an unauthenticated party triggering a workflow...

CVSS 6.5 | AI score 6.7 | EPSS 0.00432
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/08 12:00 a.m. | 5 views

N8n < 2.2.2 Unauthenticated Forged Webhooks

According to its banner, the version of n8n running on the remote host is 0.150 or later and before 2.2.2. It is, therefore, affected by an authentication bypass in the Stripe trigger, allowing unauthenticated parties to trigger workflows by sending forged Stripe webhook events. Note that the...

CVSS 6.5 | AI score 7.4 | EPSS 0.00432
Exploits: 0 | References: 3

Github Security Blog
added 2026/01/07 7:22 p.m. | 9 views

n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

Impact: An authentication bypass in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were n...

CVSS 6.5 | AI score 7.4 | EPSS 0.00432
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/01/07 12:00 a.m. | 6 views

PT-2026-2124

Name of the Vulnerable Software and Affected Versions: n8n versions 0.150.0 through 2.2.1. Description: n8n is a workflow automation platform. A flaw in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger node create...

CVSS 6.5 | AI score 6.7 | EPSS 0.00432
Exploits: 0 | References: 11