XSS in N8n-io N8n

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (15.9th percentile) — read the EPSS interpretation.

Affected products

N8n-io N8n — versions < 1.123.27, >= 2.0.0-rc.0, < 2.13.3, = 2.14.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77 (x_refsource_CONFIRM)