PT-2026-6263 · N8N · N8N
Mylong · Published 2026-02-04 · Updated 2026-02-05 · CVE-2026-25054
CVSS v4.0: 8.5 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
n8n versions prior to 1.123.9
n8n versions prior to 2.2.1
Description
n8n is a workflow automation platform. A Cross-Site Scripting (XSS) issue existed in a markdown rendering component within the n8n interface, affecting areas that support markdown content, such as workflow sticky notes. An authenticated user with workflow modification permissions could exploit this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could potentially lead to session hijacking and account takeover.
Recommendations
Update n8n to version 1.123.9 or later.
Update n8n to version 2.2.1 or later.
XSS
Affected Products
N8N