CNNVD-202602-615 Information
CNNVD ID
CNNVD-202602-615
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.123.2之前版本存在跨站脚本漏洞,该漏洞源于Webhook响应和HTTP端点处理不当,可能导致跨站脚本攻击、会话劫持和账户接管。
Description (English)
n8n is an expanded workflow automation tool for n8n open source. n8n 1.123.2 Before version 1.123.2, there was a cross-site script loophole, which originated from the Webhook response and inappropriate handling of the HTTP endpoint, which could lead to cross-site script attacks, session hijackings and account takeovers.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
n8n
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef7323 https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9 https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx https://access.redhat.com/security/cve/cve-2026-25051
Patch
https://github.com/n8n-io/n8n/releases
Share on: