PT-2026-57175 · N8N · N8N

Tcu0N9

·

Publicado

2026-07-10

·

Atualizado

2026-07-10

·

CVE-2026-56354

CVSS v3.1

4.1

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions can inject malicious scripts or redirect parameters to perform stored XSS attacks or phishing redirects against end users.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-56354

Produtos afetados

N8N