CVE-2026-56360 in n8ninfo

Summary

by MITRE • 07/08/2026

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

The vulnerability in n8n versions prior to 1.123.18 and 2.6.2 represents a critical security flaw in the ZendeskTrigger node that undermines the integrity of webhook processing within the workflow automation platform. This issue stems from the application's failure to properly validate HMAC-SHA256 signatures that are typically used to authenticate incoming webhook requests from Zendesk services. The absence of signature verification creates an authentication bypass opportunity that allows malicious actors to exploit the system's trust in legitimate webhook sources.

The technical flaw manifests as a missing input validation mechanism within the ZendeskTrigger node implementation where the system should verify that incoming POST requests originate from legitimate Zendesk sources through proper HMAC-SHA256 signature checking. This vulnerability directly maps to CWE-347 known as "Improper Verification of Cryptographic Signature" which occurs when applications fail to properly validate digital signatures before processing data. The flaw enables attackers to craft and send unsigned POST requests to the configured webhook URLs, effectively circumventing the intended security controls that should ensure only trusted sources can trigger automated workflows.

The operational impact of this vulnerability extends beyond simple unauthorized access as it provides attackers with the ability to inject arbitrary malicious data into n8n workflows through the ZendeskTrigger node. This creates a significant risk for organizations that rely on n8n for critical business processes, as malicious actors could potentially manipulate workflow executions, trigger unintended actions, or even escalate privileges within automated systems. The attack surface is particularly concerning because it allows attackers to leverage existing webhook configurations without requiring authentication credentials or other access vectors.

This vulnerability aligns with several ATT&CK techniques including T1078 Valid Accounts for maintaining persistence and T1566 Phishing for initial access, though the primary concern here is the lack of proper signature verification that enables lateral movement through workflow automation. Organizations using n8n for security-sensitive workflows face potential data integrity breaches and unauthorized system modifications. The remediation requires implementing proper HMAC-SHA256 signature validation within the ZendeskTrigger node to ensure that all incoming requests are authenticated before triggering any workflow execution, thereby restoring the intended security controls and preventing unauthorized access to automated processes.

The vulnerability demonstrates a critical gap in the application's security architecture where cryptographic verification mechanisms were not properly implemented or enforced for webhook processing. This type of flaw commonly occurs when developers assume that webhook endpoints can be trusted without proper authentication, leading to potentially severe consequences when attackers exploit the trust model. Organizations should immediately update to the patched versions 1.123.18 and 2.6.2 to address this vulnerability and implement additional monitoring for unauthorized webhook activity within their n8n deployments. The fix ensures that all Zendesk webhooks are properly validated before triggering any automated workflows, protecting against malicious data injection attacks and maintaining the integrity of business process automation systems.

Responsible

VulnCheck

Reservation

06/20/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!