Description
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in versions 1.123.9 and 2.2.1.
Published: 2026-02-04
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑site scripting that permits an attacker to run arbitrary scripts with the privileges of users who view a crafted workflow, potentially leading to session hijacking and account takeover.
Action: Immediate Patch
AI Analysis

Impact

A stored cross‑site scripting vulnerability exists in the markdown rendering component used throughout the n8n workflow interface, including sticky notes and other markdown‑enabled fields. An authenticated user who can create or edit workflows can embed malicious JavaScript that is executed in the browsers of any users who subsequently view the workflow. Because the scripts run with the same origin as the application, they can access session cookies and perform actions on behalf of the victim, enabling session hijacking and possible full account takeover. The underlying weakness is reflected in CWE‑79 and CWE‑80.

Affected Systems

All installations of n8n prior to versions 1.123.9 and 2.2.1 are impacted. The affected product is the open‑source workflow automation platform n8n, maintained by n8n‑io.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.5, indicating high severity. Its EPSS score is less than 1%, suggesting that current exploit activity is low, and it is not listed in CISA’s KEV catalog. Exploitation requires authentication with rights to create or modify workflows, after which the malicious script is delivered purely through UI interaction. While the attack is limited to users who view the compromised workflow, a hijacked session may belong to a user with greater privileges than the author, so the potential for privilege escalation is significant, warranting prompt remediation.

Generated by OpenCVE AI on April 17, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the n8n application to version 1.123.9 or later, or 2.2.1 or later.
  • Restrict workflow creation and editing permissions to trusted users until the patch can be applied.
  • If a version upgrade is not immediately possible, consider disabling or escaping markdown rendering in workflow sticky notes and related UI elements to prevent script execution.


Advisories
Source: Github GHSA
ID: GHSA-qpq4-pw7f-pp8w
Title: n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI
History

Thu, 05 Feb 2026 20:45:00 +0000

Values Removed: (none)
Values Added:
  CPEs: cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*
  Metrics (cvssV3_1): {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

Thu, 05 Feb 2026 15:15:00 +0000

Values Removed: (none)
Values Added:
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Feb 2026 21:30:00 +0000

Values Removed: (none)
Values Added:
  First Time appeared: N8n, N8n n8n
  Vendors & Products: N8n, N8n n8n

Wed, 04 Feb 2026 17:15:00 +0000

Values Removed: (none)
Values Added:
  Description: n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in versions 1.123.9 and 2.2.1.
  Title: n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI
  Weaknesses: CWE-79, CWE-80
  References: (none listed)
  Metrics (cvssV4_0): {'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-05T14:35:49.261Z

Reserved: 2026-01-28T14:50:47.888Z

Link: CVE-2026-25054

Vulnrichment

Updated: 2026-02-05T14:20:22.276Z

NVD

Status: Analyzed

Published: 2026-02-04T17:16:23.377

Modified: 2026-02-05T20:39:47.553

Link: CVE-2026-25054

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T23:30:15Z

Weaknesses