CVE-2026-56359
Undergoing Analysis Undergoing Analysis - In Progress

Cross-Site Scripting in n8n Workflow Automation Platform

Vulnerability report for CVE-2026-56359, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: VulnCheck

Description

n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth authorization button, executing arbitrary scripts in their browser session with the victim's privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-08
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
n8n n8n to 2.6.4 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-56359 is a cross-site scripting (XSS) vulnerability found in n8n versions before 2.8.0 and 2.6.4. It occurs in the credential management flow, specifically in the OAuth2 credential Authorization URL field. Authenticated users with permission to create credentials can inject malicious JavaScript URLs into this field.

Attackers exploit this by crafting malicious credentials and tricking victims into clicking the OAuth authorization button. When the victim interacts with this button, the injected script executes in their browser session with their privileges, potentially allowing arbitrary script execution.

Impact Analysis

This vulnerability can lead to arbitrary script execution in the victim's browser session with their privileges. This means an attacker could perform actions on behalf of the victim, potentially accessing sensitive information or manipulating the victim's session.

However, exploitation requires the attacker to be an authenticated user with permission to create and share credentials, and the victim must interact by clicking the OAuth authorization button. The impact on confidentiality and integrity is considered low, and the overall severity is rated as moderate with a CVSS score of 4.8.

Detection Guidance

This vulnerability involves malicious JavaScript injection into the OAuth2 credential Authorization URL field by authenticated users. Detection involves identifying suspicious or unexpected JavaScript URLs in OAuth2 credential Authorization URL fields within the n8n application before version 2.8.0.

Since the vulnerability is related to credential management within the n8n application, detection commands would focus on inspecting stored OAuth2 credentials for suspicious Authorization URL values.

No specific detection commands are provided in the available resources.

Mitigation Strategies

The primary mitigation is to upgrade n8n to version 2.8.0 or later (or 2.6.4 or later if applicable), where the vulnerability has been patched.

As a temporary mitigation before upgrading, restrict credential creation and sharing permissions to trusted users only.

Additionally, limit access to the n8n instance to reduce the risk of exploitation.

Compliance Impact

The vulnerability allows authenticated users to inject malicious JavaScript into OAuth2 credential Authorization URL fields, which can lead to execution of arbitrary scripts in victims' browser sessions with their privileges.

This type of cross-site scripting (XSS) vulnerability could potentially impact compliance with standards like GDPR and HIPAA by exposing user sessions to unauthorized script execution, which may lead to unauthorized access or disclosure of sensitive information.

However, the vulnerability requires user interaction and authenticated access with permission to create and share credentials, which somewhat limits the risk.

To maintain compliance, affected users should apply the available patches and implement recommended mitigations such as restricting credential creation and sharing permissions to trusted users and limiting access to the n8n instance.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56359. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart