AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-jh8h-6c9q-7gmw: n8n has an Authentication Bypass in its Chat Trigger Node

mediumvulnerability

security

Source: GitHub Advisory DatabaseFebruary 26, 2026

Summary

n8n, a workflow automation tool, has a security flaw in its Chat Trigger node where authentication (the process of verifying a user's identity) can be bypassed when configured with n8n User Auth. This only affects users who have specifically set up this non-default authentication method on their Chat Trigger node.

Solution / Mitigation

The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can temporarily: limit workflow creation and editing permissions to fully trusted users only, use a different authentication method for the Chat Trigger node, or restrict network access to the webhook endpoint (the URL that receives Chat Trigger requests) to trusted origins. These workarounds do not fully remediate the risk and should only be used as short-term measures.

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

integrity

AI Component TargetedAgent

Affected Vendors

Affected Packages

n8n@>= 2.10.0, < 2.10.1 (fixed: 2.10.1)n8n@>= 2.0.0, < 2.9.3 (fixed: 2.9.3)n8n@< 1.123.22 (fixed: 1.123.22)

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 26, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 85%