CVE-2026-25051

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.2

Description n8n is a workflow automation platform. A Cross-Site Scripting (XSS) issue exists in the handling of webhook responses and related HTTP endpoints. The Content Security Policy (CSP) sandbox protection may not be applied correctly under certain conditions. An authenticated user with appropriate permissions could exploit this to execute malicious scripts with same-origin privileges when other users interact with a crafted workflow, potentially leading to session hijacking and account takeover.

Recommendations Update to version 1.123.2 or later.