CVE-2026-56360
Undergoing Analysis Undergoing Analysis - In Progress

ZendeskTrigger Node Unsigned Webhook Signature Bypass in n8n

Vulnerability report for CVE-2026-56360, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: VulnCheck

Description

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
n8n n8n to 2.6.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-56360 is a vulnerability in the n8n workflow automation tool, specifically in the ZendeskTrigger node. Versions before 1.123.18 and 2.6.2 fail to verify HMAC-SHA256 signatures on Zendesk webhooks.

Because of this failure, attackers who know the webhook URL can send unsigned POST requests that bypass authentication and trigger workflows with arbitrary malicious data.

This issue is classified as an authentication bypass by spoofing (CWE-290) and has a medium severity rating with a CVSS score of 6.3.

Impact Analysis

This vulnerability allows attackers to trigger workflows in n8n without proper authentication by sending unsigned POST requests to the webhook URL.

As a result, attackers can inject arbitrary malicious data into workflows, potentially causing unauthorized actions or data manipulation within the affected system.

This can lead to compromised workflow integrity, unexpected behavior, and potential security breaches depending on the workflows' functions.

Detection Guidance

This vulnerability involves the failure to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node of n8n. Detection would involve monitoring for unsigned POST requests sent to the webhook URL that trigger workflows.

Since the vulnerability allows attackers who know the webhook URL to send unsigned POST requests, you can detect potential exploitation by inspecting incoming POST requests to the webhook endpoint and checking if they lack valid HMAC-SHA256 signatures.

Suggested commands to detect such activity might include using network monitoring or web server logs to filter POST requests to the webhook URL and verify the presence or absence of the expected HMAC-SHA256 signature header.

  • Use tools like tcpdump or Wireshark to capture POST requests to the webhook URL.
  • Use grep or similar commands on server logs to find POST requests to the webhook endpoint missing the HMAC-SHA256 signature header.
  • Example command to check logs for missing signature header: grep -i 'POST /webhook-path' /var/log/nginx/access.log | grep -v 'X-Zendesk-Signature'
Mitigation Strategies

The primary mitigation is to upgrade n8n to version 1.123.18, 2.6.2, or later, where the vulnerability has been patched.

Until you can upgrade, temporary mitigations include restricting workflow creation permissions to trusted users and limiting network access to the n8n webhook endpoint to known Zendesk IP ranges.

These temporary mitigations reduce the risk but do not fully resolve the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56360. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart