CNNVD-202509-1071 Information
CNNVD ID
CNNVD-202509-1071
Related CVE
- CNNVD Published: 2025-09-08
Description (Chinese)
n8n是n8n开源的一个可扩展的工作流自动化工具。 N8N v1.95.3、v1.100.1和v1.101.1版本存在安全漏洞,该漏洞源于Chat Trigger组件存在任意文件上传,可能导致执行任意代码。
Description (English)
n8n is an expanded workflow automation tool for n8n open source. N8N v1.95.3, v1.100.1 and v1.101.1 contain security loopholes that stem from the arbitrary uploading of the Chat Trigger component, which may result in the enforcement of any code.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
n8n
Published
2025-09-08
Last Modified
2026-02-24
References
https://github.com/nikolas-ch/CVEs/tree/main/N8N/N8N_v1.100.1 https://github.com/nikolas-ch/CVEs/tree/main/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload https://github.com/nikolas-ch/CVEs/blob/main/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload/StoredXSSviaUnristrictedFileUpload.txt https://access.redhat.com/security/cve/cve-2025-56265
Patch
https://github.com/n8n-io/n8n/releases
Share on: