Exploit for Missing Authorization in N8N

GHSA-f77h-j2v7-g6mw — n8n Unauthenticated Chat Execution Hijac...

n8n Vulnerable to Hijacking of Unauthenticated Chat Execution

Impact The /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state cou...