Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable web UI, authenticated workflow editor required (PR:L), victim must visit chat URL (UI:R), and XSS in n8n origin crosses to the victim's session context (S:C).
Primary rating from Vendor (https://github.com/n8n-io/n8n).
CVSS VectorVendor: https://github.com/n8n-io/n8n
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Impact
An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges.
Patches
The issue has been fixed in n8n versions 1.123.55, 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability.
Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the Chat Trigger node by adding
@n8n/n8n-nodes-langchain.chatTriggerto theNODES_EXCLUDEenvironment variable.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
AnalysisAI
Stored cross-site scripting in n8n workflow automation platform allows authenticated users with workflow edit permissions to inject arbitrary JavaScript via the Chat Trigger node's webhookId parameter. When a logged-in user visits the chat URL, the injected code executes in the n8n origin with the victim's session privileges, enabling account takeover. No public exploit identified at time of analysis, but a vendor-released patch is available.
Technical ContextAI
n8n is a popular open-source workflow automation platform distributed via npm (pkg:npm/n8n). The vulnerability is a CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e., Cross-Site Scripting) flaw in the Chat Trigger node provided by the @n8n/n8n-nodes-langchain package. The webhookId field, which forms part of the chat URL and is rendered into the generated chat page, is insufficiently sanitized, allowing an attacker to break out of the intended HTML/JS context and inject script that runs same-origin in the n8n web UI.
RemediationAI
Vendor-released patch: upgrade n8n to 1.123.55, 2.25.7, or 2.26.2 (or later), as appropriate for your release track, per the GitHub Security Advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-42h7-m79w-wvg5. If immediate upgrade is not possible, restrict workflow creation and editing permissions to fully trusted users only to reduce the pool of potential injectors, and disable the Chat Trigger node by adding @n8n/n8n-nodes-langchain.chatTrigger to the NODES_EXCLUDE environment variable - the trade-off is that any existing chat-based workflows will stop functioning. These workarounds are partial and should be treated as bridging measures, not a substitute for patching.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38477
GHSA-42h7-m79w-wvg5