Description
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Published: 2026-05-04
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated remote attacker who learns a valid execution ID for a workflow that is waiting on a chat prompt can attach to the /chat WebSocket endpoint, read the pending prompt that was meant for the legitimate user, and submit arbitrary input to resume the execution, thereby influencing or hijacking downstream workflow behavior. The root cause is a missing authorization check on incoming connections: the endpoint treated knowledge of the execution ID as sufficient proof that the connecting client was entitled to that execution. The weakness is CWE-862 (Missing Authorization); it is not a privilege-escalation flaw in the usual sense, because no account or session is elevated, the attacker simply never authenticates. The practical impact is that an outsider can read data sent to the waiting user and steer the workflow's logic and output, which may expose data or trigger whatever downstream nodes the workflow runs on the attacker-supplied input.

Affected Systems

The affected product is n8n (vendor n8n-io). Releases before 1.123.32, 2.17.4, and 2.18.1 on their respective release lines are vulnerable; the exposed surface is the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature, so instances that expose that feature are the ones at risk. Operators should confirm that the running version is at or above the patched release for their line.

Risk and Exploitability

The CVSS 4.0 base score is 6.3 (Medium), vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N: reachable over the network, low attack complexity, no privileges and no user interaction required, but with an attack requirement (AT:P), namely a valid execution ID for an execution that is currently in the waiting state. Confidentiality and integrity impact are rated low on the n8n instance and on subsequent systems; availability is unaffected. No EPSS score is available yet, so the probability of exploitation cannot be quantified, and the CVE is not listed in the CISA KEV catalog. The advisory does not say how an attacker would obtain an execution ID, so real-world difficulty depends on whether IDs are predictable or leak through shared links, logs, or other interfaces; the AT:P precondition should not be read as making exploitation hard.

Generated by OpenCVE AI on May 4, 2026 at 20:25 UTC.

Remediation

Fixed in n8n 1.123.32, 2.17.4, and 2.18.1, per the advisory description. No separate vendor workaround is published.

OpenCVE Recommended Actions

  • Upgrade to a patched release for the line you run: 1.123.32 or later on 1.x, 2.17.4 or later on 2.17, or 2.18.1 or later on 2.18.
  • If you cannot upgrade immediately, restrict who can reach the /chat WebSocket endpoint at the firewall or reverse proxy. Hosted Chat exists to serve chat users who are often not n8n users, so an IP allowlist only works where the chat audience is internal; otherwise deactivate the workflows that use the Chat Trigger node's Hosted Chat feature until the patch is in place.
  • Treat execution IDs as sensitive: do not expose them in shared links, logs, or error pages that outsiders can see, and alert on /chat connections that cycle through many execution IDs from one source or that attempt to attach to executions which are not waiting.
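One way to implement the monitoring suggested in the last action, as an added example that is neither n8n's nor OpenCVE's code. It assumes a reverse proxy in front of n8n writes a combined-style access log and that the execution ID travels as an executionId query parameter on the /chat upgrade request; both are assumptions made for this illustration, not documented n8n behaviour, and the log lines are constructed. The logic flags a source that touches more distinct execution IDs than one chat session plausibly would, or that gets rejected while trying, since an attacker who must discover a valid waiting execution (the AT:P precondition) tends to produce exactly that pattern.

```javascript
// Added example, not n8n's or OpenCVE's code. Constructed reverse-proxy access
// log lines; the "executionId" query parameter is an assumption for illustration.
const SAMPLE_LOG = [
  '203.0.113.7 - - [04/May/2026:20:01:02 +0000] "GET /chat?executionId=1001 HTTP/1.1" 101 0',
  '203.0.113.7 - - [04/May/2026:20:01:03 +0000] "GET /chat?executionId=1002 HTTP/1.1" 101 0',
  '203.0.113.7 - - [04/May/2026:20:01:03 +0000] "GET /chat?executionId=1003 HTTP/1.1" 404 0',
  '203.0.113.7 - - [04/May/2026:20:01:04 +0000] "GET /chat?executionId=1004 HTTP/1.1" 101 0',
  '198.51.100.9 - - [04/May/2026:20:02:10 +0000] "GET /chat?executionId=1042 HTTP/1.1" 101 0',
  '198.51.100.9 - - [04/May/2026:20:02:11 +0000] "POST /webhook/abc HTTP/1.1" 200 17',
].join("\n");

// client, ident, user, [timestamp], "METHOD target PROTO", status, bytes
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, client, , method, target, status] = m;
  // The base URL only exists to let URL parse a relative request target.
  const url = new URL(target, "http://n8n.invalid");
  return {
    client,
    method,
    path: url.pathname,
    executionId: url.searchParams.get("executionId"),
    status: Number(status),
  };
}

// Group /chat requests by client and flag sources that touched more distinct
// execution IDs than one legitimate chat session should, or that were rejected
// (a sign of guessing IDs rather than following a real chat link).
function findChatProbers(logText, { maxDistinctIds = 2 } = {}) {
  const perClient = new Map();
  for (const line of logText.split("\n")) {
    const req = parseLine(line);
    if (!req || req.path !== "/chat") continue;
    const entry = perClient.get(req.client) ?? { ids: new Set(), rejected: 0 };
    if (req.executionId !== null) entry.ids.add(req.executionId);
    if (req.status !== 101) entry.rejected += 1; // 101 = Switching Protocols, i.e. upgrade accepted
    perClient.set(req.client, entry);
  }
  const flagged = [];
  for (const [client, entry] of perClient) {
    if (entry.ids.size > maxDistinctIds || entry.rejected > 0) {
      flagged.push({ client, distinctIds: entry.ids.size, rejected: entry.rejected });
    }
  }
  return flagged;
}
```

The distinct-ID threshold is deliberately low because a real user follows one chat link at a time; raise it where many users sit behind one NAT address, and prefer correlating on a session cookie or forwarded client address if the proxy records one.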

Advisories

No advisories yet.

History

Mon, 04 May 2026 19:00:00 +0000

Type         Values Removed   Values Added
Description  (none)           n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Title        (none)           n8n: Hijacking of Unauthenticated Chat Execution
Weaknesses   (none)           CWE-862
References   (none)           (none)
Metrics      (none)           cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-04T18:27:06.649Z

Reserved: 2026-04-25T05:37:12.117Z

Link: CVE-2026-42228

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-04T19:16:04.900

Modified: 2026-05-04T19:16:04.900

Link: CVE-2026-42228

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T20:30:08Z

Weaknesses