Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable webhook (AV:N), attacker needs workflow-edit auth (PR:L), victim must click link (UI:R), same-origin XSS crosses authentication boundary into victim session (S:C, C:H).
Primary rating from Vendor (https://github.com/n8n-io/n8n).
CVSS VectorVendor: https://github.com/n8n-io/n8n
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
Impact
An authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript in the n8n origin when visited by an authenticated user, with access to that user's session.
Patches
The issue has been fixed in n8n versions 1.123.55, 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability.
Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the Respond to Webhook node by adding
n8n-nodes-base.respondToWebhookto theNODES_EXCLUDEenvironment variable.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
AnalysisAI
Same-origin cross-site scripting in n8n workflow automation platform allows an authenticated user with workflow edit privileges to weaponize the Respond to Webhook node and execute JavaScript in another authenticated user's session. The binary response path bypassed the central Content-Security-Policy sandbox header, letting attacker-controlled Content-Type serve executable content from the n8n origin. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.
Technical ContextAI
n8n is a Node.js-based workflow automation platform (npm package n8n) where the Respond to Webhook node returns HTTP responses for public webhook endpoints. The platform applies a central Content-Security-Policy sandbox header to constrain webhook responses, but the binary response code path failed to enforce that header and honored an attacker-controlled Content-Type. This is a CWE-79 (Improper Neutralization of Input During Web Page Generation) issue manifesting as same-origin XSS because the response is served from the n8n application origin, giving injected JavaScript access to the victim's authenticated session cookies and UI state.
RemediationAI
Vendor-released patches are available: upgrade to n8n 1.123.55, 2.25.7, or 2.26.2 (or any later release) as documented in advisory GHSA-v733-mwr6-fgcm at https://github.com/n8n-io/n8n/security/advisories/GHSA-v733-mwr6-fgcm. If immediate upgrade is not possible, restrict workflow creation and edit permissions to fully trusted operators only, which removes the precondition for crafting a malicious Respond to Webhook node but reduces collaborative use of the platform. Alternatively, disable the affected node by adding n8n-nodes-base.respondToWebhook to the NODES_EXCLUDE environment variable, accepting that any existing workflows relying on synchronous webhook responses will break. The vendor explicitly notes these workarounds are partial mitigations only.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38475
GHSA-v733-mwr6-fgcm