Skip to main content

n8n EUVDEUVD-2026-38475

| CVE-2026-54301 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-06-16 https://github.com/n8n-io/n8n GHSA-v733-mwr6-fgcm
7.0
CVSS 4.0 · Vendor: https://github.com/n8n-io/n8n
Share

Severity by source

Vendor (https://github.com/n8n-io/n8n) PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.6 HIGH

Network-reachable webhook (AV:N), attacker needs workflow-edit auth (PR:L), victim must click link (UI:R), same-origin XSS crosses authentication boundary into victim session (S:C, C:H).

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/n8n-io/n8n).

CVSS VectorVendor: https://github.com/n8n-io/n8n

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

8
Analysis Updated
Jun 23, 2026 - 18:44 vuln.today
v5 (cvss_changed)
Analysis Updated
Jun 23, 2026 - 18:43 vuln.today
v4 (cvss_changed)
Analysis Updated
Jun 23, 2026 - 18:42 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 23, 2026 - 18:42 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 23, 2026 - 18:22 vuln.today
cvss_changed
CVSS changed
Jun 23, 2026 - 18:22 NVD
7.6 (HIGH) 7.0 (HIGH)
Source Code Evidence Fetched
Jun 16, 2026 - 19:50 vuln.today
Analysis Generated
Jun 16, 2026 - 19:50 vuln.today

DescriptionCVE.org

Impact

An authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript in the n8n origin when visited by an authenticated user, with access to that user's session.

Patches

The issue has been fixed in n8n versions 1.123.55, 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only.
  • Disable the Respond to Webhook node by adding n8n-nodes-base.respondToWebhook to the NODES_EXCLUDE environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

AnalysisAI

Same-origin cross-site scripting in n8n workflow automation platform allows an authenticated user with workflow edit privileges to weaponize the Respond to Webhook node and execute JavaScript in another authenticated user's session. The binary response path bypassed the central Content-Security-Policy sandbox header, letting attacker-controlled Content-Type serve executable content from the n8n origin. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Technical ContextAI

n8n is a Node.js-based workflow automation platform (npm package n8n) where the Respond to Webhook node returns HTTP responses for public webhook endpoints. The platform applies a central Content-Security-Policy sandbox header to constrain webhook responses, but the binary response code path failed to enforce that header and honored an attacker-controlled Content-Type. This is a CWE-79 (Improper Neutralization of Input During Web Page Generation) issue manifesting as same-origin XSS because the response is served from the n8n application origin, giving injected JavaScript access to the victim's authenticated session cookies and UI state.

RemediationAI

Vendor-released patches are available: upgrade to n8n 1.123.55, 2.25.7, or 2.26.2 (or any later release) as documented in advisory GHSA-v733-mwr6-fgcm at https://github.com/n8n-io/n8n/security/advisories/GHSA-v733-mwr6-fgcm. If immediate upgrade is not possible, restrict workflow creation and edit permissions to fully trusted operators only, which removes the precondition for crafting a malicious Respond to Webhook node but reduces collaborative use of the platform. Alternatively, disable the affected node by adding n8n-nodes-base.respondToWebhook to the NODES_EXCLUDE environment variable, accepting that any existing workflows relying on synchronous webhook responses will break. The vendor explicitly notes these workarounds are partial mitigations only.

Share

EUVD-2026-38475 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy