GHSA-38c7-23hj-2wgq: n8n has Webhook Forgery on Zendesk Trigger Node
Summary
A vulnerability in n8n's Zendesk Trigger node (a tool that automatically starts workflows when Zendesk sends data) allows attackers to forge webhook requests, meaning they can trigger workflows with fake data because the node doesn't verify the HMAC-SHA256 signature (a cryptographic check that confirms a message is authentic). This lets anyone who knows the webhook URL send malicious payloads to the connected workflow.
Solution / Mitigation
The issue has been fixed in n8n versions 2.6.2 and 1.123.18. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should limit workflow creation and editing permissions to fully trusted users only, and restrict network access to the n8n webhook endpoint to known Zendesk IP ranges. The source notes these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Classification
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-38c7-23hj-2wgq
First tracked: February 26, 2026 at 07:00 PM
Classified by LLM (prompt v3) · confidence: 72%