CNNVD-202512-4826 Information

CNNVD ID

CNNVD-202512-4826

CVE-2025-61914

  • CNNVD Published: 2025-12-26

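Description (translated from Chinese)

n8n is an extensible workflow automation tool open-sourced by n8n. Versions of n8n before 1.114.0 contain a cross-site scripting vulnerability. It stems from the Respond to Webhook node not correctly sandboxing HTML content when processing it, which may allow an attacker with workflow creation permission to execute arbitrary JavaScript code in the editor environment.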

Description (English)

n8n is an extensible, open-source workflow automation tool from n8n. Versions of n8n before 1.114.0 contain a cross-site scripting vulnerability caused by the Respond to Webhook node not properly sandboxing HTML content, which could allow an attacker with workflow creation permission to execute arbitrary JavaScript code in the editor environment.

Hazard Level

Medium

Vulnerability Type

Cross-site scripting

Affected Vendor

n8n

Published

2025-12-26

Last Modified

2026-02-24

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-58jc-rcg5-95f3

https://access.redhat.com/security/cve/cve-2025-61914

Patch

https://github.com/n8n-io/n8n/releases
