Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionGitHub Advisory
Impact
The /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior.
Exploitation requires the following conditions:
- The instance exposes a public Hosted Chat workflow with authentication set to
None. - A target execution is in a waiting state at the time of the attack.
- The attacker can obtain or discover the execution ID of that waiting execution.
Patches
The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.
Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Enable authentication on all Chat Trigger nodes by setting the Authentication field to
n8n User Authrather thanNone.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
AnalysisAI
n8n Chat Trigger's Hosted Chat feature fails to verify WebSocket connection authorization on the /chat endpoint, allowing unauthenticated remote attackers to hijack workflow executions in waiting state by obtaining the execution ID, intercept intended user prompts, and submit arbitrary input to influence downstream workflow behavior. This affects instances configured with authentication set to None. Vendor-released patches: versions 1.123.32, 2.17.4, and 2.18.1. No public exploit code identified at time of analysis.
Technical ContextAI
The vulnerability resides in n8n's Chat Trigger node's Hosted Chat feature, which uses a WebSocket endpoint at /chat to facilitate real-time communication between users and workflow executions. The underlying issue is an authentication bypass in the WebSocket connection handler - the endpoint accepts incoming connections without validating whether the connecting client is authorized to interact with the specified execution. The CWE-862 (Missing Authorization) classification indicates the root cause: the application fails to enforce proper access control checks before granting access to sensitive execution state and input channels. When a workflow is paused at a Chat Trigger node awaiting user input, the execution enters a waiting state and receives a unique execution ID. An attacker who discovers this execution ID can establish an unauthenticated WebSocket connection and gain direct access to the same execution context, bypassing the intended authentication model that should protect user interactions.
RemediationAI
Vendor-released patch: upgrade to n8n version 1.123.32 (if on 1.x branch), 2.17.4 (if on 2.x stable), or 2.18.1 or later (if on 2.18.x development). For immediate deployment on instances that cannot upgrade, enable authentication on all Chat Trigger nodes by changing the Authentication field from None to n8n User Auth - this forces legitimate users to authenticate before accessing the Chat Trigger, preventing unauthenticated WebSocket hijacking. The workaround does not fully remediate the underlying authorization bypass but significantly reduces attack surface by eliminating the unauthenticated path. Organizations should treat this as a temporary measure (documented by vendor as short-term only) and prioritize patching within 1-2 weeks. After upgrading, test Chat workflows to confirm execution state transitions and WebSocket connectivity function correctly, as authentication enforcement may affect existing integrations relying on unauthenticated access.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27096
GHSA-f77h-j2v7-g6mw