GHSA-QFC3-HM4J-7Q77 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

PT-2026-4918

n8n and Affected Versions n8n affected versions not specified Description n8n is affected by a critical Remote Code Execution RCE issue within its workflow Expression evaluation system. An authenticated attacker can leverage this to execute arbitrary code with the privileges of the n8n process...