XSS in N8n-io N8n
CVE-2026-54302
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webh…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- N8n-io N8n — versions < 1.123.55, >= 2.0.0-rc.0, < 2.25.7, >= 2.26.0, < 2.26.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)