CVE-2026-42228
Undergoing Analysis Undergoing Analysis - In Progress

WebSocket Authorization Bypass in n8n

Vulnerability report for CVE-2026-42228, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-04

Last updated on: 2026-05-06

Assigner: GitHub, Inc.

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-04
Last Modified
2026-05-06
Generated
2026-07-06
AI Q&A
2026-05-05
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.32 (exc)
n8n n8n 2.18.0
n8n n8n From 2.17.0 (inc) to 2.17.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the n8n workflow automation platform. Before certain fixed versions, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify if an incoming connection was authorized to interact with a specific workflow execution.

An unauthenticated remote attacker who could find a valid execution ID for a workflow waiting for input could connect to that execution, receive the prompt meant for the legitimate user, and send arbitrary input to influence or resume the workflow.

This flaw allows unauthorized access and manipulation of workflow executions via the WebSocket endpoint.

Impact Analysis

The vulnerability can allow an attacker to intercept and manipulate workflow executions without authentication.

This could lead to unauthorized disclosure of pending prompts or data intended for legitimate users.

Additionally, attackers could influence downstream workflow behavior by submitting arbitrary inputs, potentially causing unintended actions or data processing.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade n8n to one of the patched versions: 1.123.32, 2.17.4, or 2.18.1.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42228. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart