ByteOS Network

CVE Vulnerability Details :

CVE-2026-54308

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-23 Jun, 2026 | 15:42

Updated At-23 Jun, 2026 | 15:42

▼CVE Numbering Authority (CNA)

n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. This vulnerability is fixed in 2.25.7 and 2.26.2.

Affected Products

Vendor

n8n-io

Product

n8n

Versions

Affected

>= 2.26.0, < 2.26.2
< 2.25.7

Problem Types

Type	CWE ID	Description
CWE	CWE-290	CWE-290: Authentication Bypass by Spoofing

Type: CWE

CWE ID: CWE-290

Description: CWE-290: Authentication Bypass by Spoofing

Metrics

Version	Base score	Base severity	Vector
4.0	6.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Version: 4.0

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

References

Hyperlink	Resource
https://github.com/n8n-io/n8n/security/advisories/GHSA-jvc7-762p-3743	x_refsource_CONFIRM

Hyperlink: https://github.com/n8n-io/n8n/security/advisories/GHSA-jvc7-762p-3743

Resource:

x_refsource_CONFIRM

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References