n8n – Stored Cross-Site Scripting in Form Trigger Node

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Description

n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can inject XSS payloads that execute persistently for all form visitors, enabling form hijacking and phishing attacks.

Basic Information

ID CVE-2026-56358

Source VulnCheck

Published Jun 24, 2026 at 11:53

Affected Product

Vendor n8n

Product n8n

Affected Versions n8n n8n 0
n8n n8n 2.0.0-rc.0
n8n n8n 0
n8n n8n 0

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can inject XSS payloads that execute persistently for all form visitors, enabling form hijacking and phishing attacks.",
    "published": "2026-06-24T11:53:19.735Z",
    "modified": "2026-06-24T11:53:19.735Z",
    "type": "cve",
    "title": "n8n - Stored Cross-Site Scripting in Form Trigger Node",
    "source": "VulnCheck",
    "references": "https://github.com/n8n-io/n8n/security/advisories/GHSA-q4fm-pjq6-m63g\nhttps://www.vulncheck.com/advisories/n8n-stored-cross-site-scripting-in-form-trigger-node",
    "id": "CVE-2026-56358",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "n8n n8n 0\nn8n n8n 2.0.0-rc.0\nn8n n8n 0\nn8n n8n 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n8n",
    "version": "0",
    "vendor": "n8n",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

n8n – Stored Cross-Site Scripting in Form Trigger Node_CVE-2026-56358