7 matches found
Cross-site Scripting (XSS)
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /rest/binary-data endpoint when serving HTML binary data objects without a filename, as the response lacks Content-Disposition and Content-Security-Policy headers. A...
GHSA-QFC3-HM4J-7Q77 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...
n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...
CVE-2026-33749
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
PT-2026-28090
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.27 n8n versions prior to 2.13.3 n8n versions prior to 2.14.1 Description n8n is a workflow automation platform. An authenticated user with appropriate permissions could create a workflow that generates HTML binary...
n8n Vulnerable to Denial of Service via Malformed Binary Data Requests
Summary Denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs filesystem:// or filesystem-v2://. Impact This is a Denial of Service DoS vulnerability that allows authenticated attackers to cause service unavailability through malformed filesystem URI...