{
    "document": {
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "nl",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            },
            {
                "category": "description",
                "text": "n8n heeft meerdere kwetsbaarheden verholpen in het n8n workflow automation platform, specifiek in versies voor 2.10.1, 2.9.3, 1.123.22 en andere gerelateerde releases.",
                "title": "Feiten"
            },
            {
                "category": "description",
                "text": "De kwetsbaarheden betreffen verschillende componenten binnen n8n, waaronder de Form nodes, Python Code node, JavaScript Task Runner sandbox, Merge node, Read/Write Files from Disk node, workflow expression evaluatie, core workflow editing functionaliteit, GitHub Webhook Trigger node, ZendeskTrigger node, Guardrail node en Chat Trigger node. \n\n- Ongeauthenticeerde en geauthenticeerde gebruikers kunnen onder bepaalde voorwaarden arbitrary code injecteren en uitvoeren, soms via sandbox escapes, wat leidt tot remote code execution op het host-systeem.\n- Kwetsbaarheden in nodes zoals Merge node en Read/Write Files from Disk node stellen geauthenticeerde gebruikers met workflow bewerkingsrechten in staat om bestanden te schrijven en shell-commando's uit te voeren.\n- Webhook nodes (GitHub en ZendeskTrigger) missen HMAC-SHA256 handtekening verificatie, waardoor onbevoegde POST-requests kunnen worden verzonden die workflows triggeren.\n- Authenticatie bypass kwetsbaarheden in SSO en Chat Trigger nodes maken het mogelijk om beveiligingsmechanismen te omzeilen en ongeautoriseerde toegang te verkrijgen.\n- Input validatie in de Guardrail node kan worden omzeild, wat de integriteit van workflows kan aantasten.\n\nDeze kwetsbaarheden zijn aanwezig in meerdere versies en releases van n8n en zijn gerelateerd aan workflow creatie, modificatie en uitvoering, waarbij misbruik kan leiden tot het overnemen van het host-systeem, het manipuleren van workflows en het omzeilen van authenticatiecontroles.",
                "title": "Interpretaties"
            },
            {
                "category": "description",
                "text": "n8n heeft updates uitgebracht in versies 2.10.1, 2.9.3, 1.123.22, 2.8.0, 1.123.15, 2.5.0, 1.123.18, 2.6.2 en 2.10.0 om de genoemde kwetsbaarheden te verhelpen. Voor omgevingen waar directe upgrade niet mogelijk is, zijn tijdelijke mitigaties beschikbaar, zoals het beperken van gebruikersrechten en het uitschakelen van bepaalde nodes. Zie bijgevoegde referenties voor meer informatie.",
                "title": "Oplossingen"
            },
            {
                "category": "general",
                "text": "medium",
                "title": "Kans"
            },
            {
                "category": "general",
                "text": "high",
                "title": "Schade"
            },
            {
                "category": "general",
                "text": "Improper Input Validation",
                "title": "CWE-20"
            },
            {
                "category": "general",
                "text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                "title": "CWE-79"
            },
            {
                "category": "general",
                "text": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                "title": "CWE-80"
            },
            {
                "category": "general",
                "text": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                "title": "CWE-89"
            },
            {
                "category": "general",
                "text": "Improper Control of Generation of Code ('Code Injection')",
                "title": "CWE-94"
            },
            {
                "category": "general",
                "text": "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
                "title": "CWE-95"
            },
            {
                "category": "general",
                "text": "Improper Privilege Management",
                "title": "CWE-269"
            },
            {
                "category": "general",
                "text": "Improper Access Control",
                "title": "CWE-284"
            },
            {
                "category": "general",
                "text": "Improper Authorization",
                "title": "CWE-285"
            },
            {
                "category": "general",
                "text": "Improper Authentication",
                "title": "CWE-287"
            },
            {
                "category": "general",
                "text": "Authentication Bypass by Spoofing",
                "title": "CWE-290"
            },
            {
                "category": "general",
                "text": "Insufficient Verification of Data Authenticity",
                "title": "CWE-345"
            },
            {
                "category": "general",
                "text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                "title": "CWE-497"
            },
            {
                "category": "general",
                "text": "Protection Mechanism Failure",
                "title": "CWE-693"
            },
            {
                "category": "general",
                "text": "Improper Control of Dynamically-Managed Code Resources",
                "title": "CWE-913"
            },
            {
                "category": "general",
                "text": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
                "title": "CWE-937"
            },
            {
                "category": "general",
                "text": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
                "title": "CWE-1035"
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "Nationaal Cyber Security Centrum",
            "namespace": "https://www.ncsc.nl/"
        },
        "references": [
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-2p9h-rqjw-gm92"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-38c7-23hj-2wgq"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-75g8-rv7v-32f7"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-f3f2-mcxc-pwjx"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-fvfv-ppw4-7h2w"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-jh8h-6c9q-7gmw"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-jjpj-p2wh-qf23"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mmgg-m5j7-f83h"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mqpr-49jj-32rc"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-vjf3-2gpj-233v"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-vpcf-gvg4-6qwr"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-wxx7-mcgf-j869"
            },
            {
                "category": "external",
                "summary": "Reference",
                "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-x2mw-7j39-93xq"
            }
        ],
        "title": "Kwetsbaarheden verholpen in n8n workflow automation platform",
        "tracking": {
            "current_release_date": "2026-07-17T14:31:46.607033Z",
            "generator": {
                "date": "2025-08-04T16:30:00Z",
                "engine": {
                    "name": "V.A.",
                    "version": "1.3"
                }
            },
            "id": "NCSC-2026-0248",
            "initial_release_date": "2026-07-17T14:31:46.607033Z",
            "revision_history": [
                {
                    "date": "2026-07-17T14:31:46.607033Z",
                    "number": "1.0.0",
                    "summary": "Initiele versie"
                }
            ],
            "status": "final",
            "version": "1.0.0"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/*",
                                "product": {
                                    "name": "vers:unknown/*",
                                    "product_id": "CSAFPID-1"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "n8n"
                    }
                ],
                "category": "vendor",
                "name": "n8n"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-27493",
            "cwe": {
                "id": "CWE-94",
                "name": "Improper Control of Generation of Code ('Code Injection')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Control of Generation of Code ('Code Injection')",
                    "title": "CWE-94"
                },
                {
                    "category": "other",
                    "text": "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
                    "title": "CWE-95"
                },
                {
                    "category": "description",
                    "text": "A second-order expression injection vulnerability in n8n's Form nodes could allow unauthenticated attackers to inject and evaluate arbitrary expressions, potentially leading to remote code execution when combined with a sandbox escape, fixed in versions 2.10.1, 2.9.3, and 1.123.22.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-27493 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27493.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.0,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-27493"
        },
        {
            "cve": "CVE-2026-27494",
            "cwe": {
                "id": "CWE-497",
                "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                    "title": "CWE-497"
                },
                {
                    "category": "description",
                    "text": "A sandbox escape vulnerability in n8n's Python Code node allowed authenticated users with workflow editing permissions to execute arbitrary code and potentially compromise the host, fixed in versions 2.10.1, 2.9.3, and 1.123.22.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-27494 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27494.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.9,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-27494"
        },
        {
            "cve": "CVE-2026-27495",
            "cwe": {
                "id": "CWE-94",
                "name": "Improper Control of Generation of Code ('Code Injection')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Control of Generation of Code ('Code Injection')",
                    "title": "CWE-94"
                },
                {
                    "category": "description",
                    "text": "Authenticated users with workflow creation or modification permissions in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 can exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox, risking host compromise.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-27495 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27495.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.9,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-27495"
        },
        {
            "cve": "CVE-2026-27497",
            "cwe": {
                "id": "CWE-89",
                "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                    "title": "CWE-89"
                },
                {
                    "category": "other",
                    "text": "Improper Control of Generation of Code ('Code Injection')",
                    "title": "CWE-94"
                },
                {
                    "category": "description",
                    "text": "Authenticated users with workflow creation or modification permissions in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 could exploit the Merge node's SQL query mode to execute arbitrary code and write files on the server.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-27497 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27497.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.9,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-27497"
        },
        {
            "cve": "CVE-2026-27498",
            "cwe": {
                "id": "CWE-94",
                "name": "Improper Control of Generation of Code ('Code Injection')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Control of Generation of Code ('Code Injection')",
                    "title": "CWE-94"
                },
                {
                    "category": "description",
                    "text": "Authenticated users with workflow modification permissions in n8n versions prior to 2.2.0 and 1.123.8 can exploit the Read/Write Files from Disk node combined with git operations to execute arbitrary shell commands on the host system.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-27498 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27498.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 8.8,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-27498"
        },
        {
            "cve": "CVE-2026-27577",
            "cwe": {
                "id": "CWE-94",
                "name": "Improper Control of Generation of Code ('Code Injection')"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Control of Generation of Code ('Code Injection')",
                    "title": "CWE-94"
                },
                {
                    "category": "other",
                    "text": "Improper Control of Dynamically-Managed Code Resources",
                    "title": "CWE-913"
                },
                {
                    "category": "description",
                    "text": "Multiple critical vulnerabilities in n8n versions prior to 2.10.1, 2.9.3, and 1.123.22 allowed authenticated users with workflow modification permissions to execute arbitrary system commands via expression evaluation flaws.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-27577 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27577.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.9,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-27577"
        },
        {
            "cve": "CVE-2026-27578",
            "cwe": {
                "id": "CWE-80",
                "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                    "title": "CWE-80"
                },
                {
                    "category": "other",
                    "text": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                    "title": "CWE-79"
                },
                {
                    "category": "description",
                    "text": "Authenticated users with workflow creation or modification permissions in n8n could inject malicious scripts via multiple nodes, enabling session hijacking and account takeover, with fixes released in versions 2.10.1, 2.9.3, and 1.123.22.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-27578 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27578.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                        "baseScore": 5.4,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-27578"
        },
        {
            "cve": "CVE-2026-56357",
            "cwe": {
                "id": "CWE-290",
                "name": "Authentication Bypass by Spoofing"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Authentication Bypass by Spoofing",
                    "title": "CWE-290"
                },
                {
                    "category": "description",
                    "text": "n8n versions prior to 1.123.15 and 2.5.0 have a critical vulnerability in the GitHub Webhook Trigger node due to missing HMAC-SHA256 signature verification, allowing attackers to send unsigned POST requests and spoof webhook events.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-56357 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56357.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
                        "baseScore": 4.0,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-56357"
        },
        {
            "cve": "CVE-2026-56350",
            "notes": [
                {
                    "category": "description",
                    "text": "n8n versions prior to 2.8.0 contain an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement and create local password credentials, circumventing organizational SSO and multi-factor authentication controls.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-56350 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56350.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
                        "baseScore": 6.3,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-56350"
        },
        {
            "cve": "CVE-2026-56360",
            "cwe": {
                "id": "CWE-290",
                "name": "Authentication Bypass by Spoofing"
            },
            "notes": [
                {
                    "category": "other",
                    "text": "Authentication Bypass by Spoofing",
                    "title": "CWE-290"
                },
                {
                    "category": "description",
                    "text": "n8n versions prior to 1.123.18 and 2.6.2 fail to verify HMAC-SHA256 signatures on ZendeskTrigger webhooks, enabling attackers with the webhook URL to send unsigned POST requests and trigger workflows with malicious data.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-56360 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56360.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
                        "baseScore": 4.0,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-56360"
        },
        {
            "cve": "CVE-2026-56349",
            "notes": [
                {
                    "category": "description",
                    "text": "n8n versions prior to 2.10.0 contain an input validation vulnerability in the Guardrail node that permits attackers to bypass default guardrail instructions and compromise workflow integrity, which has been addressed in version 2.10.0.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-56349 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56349.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                        "baseScore": 3.7,
                        "baseSeverity": "LOW"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-56349"
        },
        {
            "cve": "CVE-2026-56353",
            "notes": [
                {
                    "category": "description",
                    "text": "n8n versions prior to 1.123.22, 2.9.3, and 2.10.1 have an authentication bypass vulnerability in the Chat Trigger node when using n8n User Auth, enabling unauthorized webhook access.",
                    "title": "Summary"
                },
                {
                    "category": "general",
                    "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
                    "title": "CVSSV4"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-1"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2026-56353 | NCSC-NL Website",
                    "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-56353.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                        "baseScore": 4.8,
                        "baseSeverity": "MEDIUM"
                    },
                    "products": [
                        "CSAFPID-1"
                    ]
                }
            ],
            "title": "CVE-2026-56353"
        }
    ]
}