CVE-2026-54301
n8n: Same-Origin XSS in Respond to Webhook Node
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript in the n8n origin when visited by an authenticated user, with access to that user's session. This vulnerability is fixed in 1.123.55, 2.25.7, and 2.26.2.
| CWE | CWE-79 |
| Vendor | n8n-io |
| Product | n8n |
| Published | Jun 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for n8n-io n8n
Be the first to know when new unknown vulnerabilities affecting n8n-io n8n are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n8n-io / n8n
< 1.123.55 >= 2.0.0-rc.0, < 2.25.7 >= 2.26.0, < 2.26.2