CVE-2026-54308
n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger nodes did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. This vulnerability is fixed in 2.25.7 and 2.26.2.
| CWE | CWE-290 |
| Vendor | n8n-io |
| Product | n8n |
| Published | Jun 23, 2026 |
Affected Versions
n8n-io / n8n
>= 2.26.0, < 2.26.2
< 2.25.7