CVE-2026-42228
WebSocket Authorization Bypass in n8n
Publication date: 2026-05-04
Last updated on: 2026-05-06
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | to 1.123.32 (exc) |
| n8n | n8n | 2.18.0 |
| n8n | n8n | From 2.17.0 (inc) to 2.17.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the n8n workflow automation platform. Before certain fixed versions, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify if an incoming connection was authorized to interact with a specific workflow execution.
An unauthenticated remote attacker who could find a valid execution ID for a workflow waiting for input could connect to that execution, receive the prompt meant for the legitimate user, and send arbitrary input to influence or resume the workflow.
This flaw allows unauthorized access and manipulation of workflow executions via the WebSocket endpoint.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to intercept and manipulate workflow executions without authentication.
This could lead to unauthorized disclosure of pending prompts or data intended for legitimate users.
Additionally, attackers could influence downstream workflow behavior by submitting arbitrary inputs, potentially causing unintended actions or data processing.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade n8n to one of the patched versions: 1.123.32, 2.17.4, or 2.18.1.