Lucene search
+L

54 matches found

nvd
nvd
added yesterday3 views

CVE-2026-56353

n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth a non-default configuration. In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Chat Trigger webhook endpoint can be circumvented,...

6.3CVSS
Exploits0References2
euvd
euvd
added yesterday4 views

EUVD-2026-44626

n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth a non-default configuration. In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Chat Trigger webhook endpoint can be circumvented,...

6.3CVSS6.1AI score
Exploits0References2
euvd
euvd
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40444

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

5.4CVSS5.6AI score0.00177EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 11:17 p.m.9 views

CVE-2026-56356

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

5.4CVSS0.00177EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/30 10:8 p.m.6 views

CVE-2026-56356

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

5.4CVSS5.6AI score0.00177EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/06/30 10:8 p.m.39 views

CVE-2026-56356 n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

5.4CVSS0.00177EPSS
Exploits0References2
cve
cve
added 2026/06/30 10:8 p.m.21 views

CVE-2026-56356

Summary: CVE-2026-56356 affects n8n’s Chat Trigger node Custom CSS field, where a misconfiguration of the sanitize-html library allows stored XSS. Affected versions: before 1.123.27; 2.0.0–2.13.2; 2.14.0. Impact: an authenticated user with workflow creation/modification rights can inject JavaScri...

5.4CVSS5.6AI score0.00177EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/30 10:8 p.m.4 views

CVE-2026-56356 n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

5.1CVSS5.8AI score0.00177EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.7 views

PT-2026-54040

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.27 n8n versions 2.0.0 through 2.13.2 n8n version 2.14.0 Description A stored cross-site scripting issue exists in the Chat Trigger node's Custom CSS field caused by a misconfiguration of the sanitize-html library. A...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References4
snyk
snyk
added 2026/06/23 7:20 p.m.18 views

Cross-site Scripting (XSS)

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the webhookId parameter in the Chat Trigger node. An attacker can execute arbitrary JavaScript in the context of another user's session by injecting malicious code, which is the...

7CVSS5.9AI score0.0021EPSS
Exploits0References2
nvd
nvd
added 2026/06/23 5:17 p.m.9 views

CVE-2026-54302

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS0.0021EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/23 3:46 p.m.6 views

CVE-2026-54302

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS6AI score0.0021EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/23 3:46 p.m.43 views

CVE-2026-54302 n8n: Stored XSS in Chat Trigger Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS0.0021EPSS
Exploits0References1
euvd
euvd
added 2026/06/23 3:46 p.m.8 views

EUVD-2026-38477

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS6AI score0.0021EPSS
Exploits0References1
cve
cve
added 2026/06/23 3:46 p.m.22 views

CVE-2026-54302

CVE-2026-54302 — n8n: Stored XSS in Chat Trigger Node . An authenticated user with workflow edit access could inject JavaScript into the Chat Trigger page by setting a malicious webhookId. When a logged-in user visited the chat URL, the code executed in the n8n origin under that user’s session. A...

7CVSS6AI score0.0021EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/06/23 3:46 p.m.3 views

CVE-2026-54302 n8n: Stored XSS in Chat Trigger Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS6.1AI score0.0021EPSS
Exploits0References3
patchstack
patchstack
added 2026/06/16 10:39 p.m.3 views

NPM: n8n: Stored XSS in Chat Trigger Node

NPM: n8n: Stored XSS in Chat Trigger Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

7CVSS5.8AI score0.0021EPSS
Exploits0References2Affected Software1
github
github
added 2026/06/16 10:39 p.m.12 views

n8n: Stored XSS in Chat Trigger Node

Impact An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges. Patches T...

7CVSS5.6AI score0.0021EPSS
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2026/05/06 8:22 p.m.14 views

CVE-2026-42228

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated...

6.5CVSS6AI score0.00383EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/05/04 12:0 a.m.10 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the /chatWebSocket endpoint in the Chat Trigger node’s Hosted Chat feature, which did not verify...

6.5CVSS6.1AI score0.00383EPSS
Exploits1References2
Rows per page
Query Builder