CVE-2026-25054
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-04

Last updated on: 2026-02-05

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in versions 1.123.9 and 2.2.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-05
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-25054
EUVD
EUVD-2026-5417
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.9 (exc)
n8n n8n From 2.0.0 (inc) to 2.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-80 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Cross-Site Scripting (XSS) issue found in the n8n workflow automation platform prior to versions 1.123.9 and 2.2.1. It exists in a markdown rendering component used in the interface, including workflow sticky notes and other markdown-supported areas.

An authenticated user with permission to create or modify workflows can exploit this vulnerability by crafting malicious markdown content that executes scripts with same-origin privileges when other users interact with the affected workflow.

This can lead to session hijacking and account takeover.


How can this vulnerability impact me? :

The vulnerability can allow an attacker who has workflow creation or modification permissions to execute malicious scripts in the context of other users interacting with the workflow.

This can result in session hijacking, where an attacker can steal session tokens, and account takeover, compromising user accounts.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade n8n to version 1.123.9 or later, or version 2.2.1 or later, where the Cross-Site Scripting (XSS) issue in the markdown rendering component has been patched.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart