5 matches found
Arbitrary File Upload
@n8n/n8n-nodes-langchain is vulnerable to Arbitrary File Upload. The vulnerability is due to improper validation and handling of uploaded files in the Chat Trigger component, which allows an attacker to upload a crafted HTML file and execute arbitrary code on the affected system...
EUVD-2025-27160
Malicious code in bioql PyPI...
GHSA-MVH4-2CM2-6HPG Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
Impact: A stored Cross-Site Scripting (XSS) vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of...
CVE-2025-56265
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...
CVE-2025-56265
CVE-2025-56265 affects the N8N Chat Trigger component and is tied to an arbitrary file upload vulnerability that allows code execution via uploading a crafted HTML file in N8N versions 1.95.3, 1.100.1 and 1.101.1. The CVSSv3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack comple...