CVE-2026-56356
MEDIUM
n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field
Title source: cna
Description
n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 (fixed in 1.123.27, 2.13.3, and 2.14.1). An authenticated user with permission to create or modify workflows can inject JavaScript that bypasses sanitization, resulting in stored XSS against any user who visits the public chat page.
References (2)
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-3c7f-5hgj-h279)
https://github.com/n8n-io/n8n/security/advisories/GHSA-3c7f-5hgj-h279
Third Party Advisory third-party-advisory
VulnCheck Advisory: n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field
https://www.vulncheck.com/advisories/n8n-stored-cross-site-scripting-in-chat-trigger-node-custom-css-field
Scores
CVSS v3
5.4
EPSS
0.0018
EPSS Percentile
8.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (9)
n8n/n8n
2.14.0
n8n/n8n
< 1.123.27 (2 CPE variants)
n8n/n8n
< 2.13.3
n8n/n8n
< 2.14.1
n8n/n8n
1.123.27
n8n/n8n
2.0.0-rc.0 - 2.13.3
n8n/n8n
2.13.3
n8n/n8n
2.14.0 - 2.14.1
n8n/n8n
2.14.1
Published
Jun 30, 2026
Tracked Since
Jul 01, 2026