CVE-2026-56349 PUBLISHED

n8n - Guardrail Node Bypass via Crafted Input

Assigner: VulnCheck
Reserved: 20.06.2026 Published: 15.07.2026 Updated: 15.07.2026

n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.3

Product Status

Vendor n8n
Product n8n
Versions Default: unaffected
  • affected from 0 to 2.10.0 (excl.)
  • Version 2.10.0 is unaffected

Credits

  • akirilov reporter

References

Problem Types

  • Improper Input Validation CWE