CVE-2026-42228 Overview
CVE-2026-42228 is a missing authorization vulnerability [CWE-862] in n8n, an open source workflow automation platform. The flaw exists in the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature. The endpoint failed to verify that an incoming connection was authorized to interact with the target execution.
An unauthenticated remote attacker who can identify a valid execution ID for a workflow in a waiting state can attach to that execution. The attacker can receive the pending prompt intended for the legitimate user and submit arbitrary input to resume or influence downstream workflow behavior. The issue is patched in versions 1.123.32, 2.17.4, and 2.18.1.
Critical Impact
Unauthenticated remote attackers can hijack waiting Chat Trigger executions, intercept prompts intended for legitimate users, and inject arbitrary input that alters workflow logic.
Affected Products
- n8n versions prior to 1.123.32
- n8n versions in the 2.17.x branch prior to 2.17.4
- n8n version 2.18.0 (fixed in 2.18.1)
Discovery Timeline
- 2026-05-04 - CVE-2026-42228 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-42228
Vulnerability Analysis
The n8n Chat Trigger node provides a Hosted Chat feature that uses a WebSocket connection at /chat to deliver prompts to users and receive their responses during workflow execution. When a workflow reaches a chat step, it enters a waiting state and pauses until input arrives over the WebSocket channel.
The vulnerable code path accepts incoming WebSocket connections referencing an execution ID without confirming the requesting client is authorized to interact with that execution. Any client able to supply a valid execution ID joins the session as if it were the legitimate participant.
This enables two abuse scenarios. First, the attacker reads the pending prompt sent by the workflow, which may include sensitive context, user data, or operational details. Second, the attacker submits input that the workflow consumes as user response, redirecting subsequent automation steps such as approvals, data writes, or downstream integrations.
Root Cause
The root cause is a missing authorization check on the WebSocket handshake for the /chat endpoint. The server treated knowledge of an execution ID as sufficient proof of identity. Execution IDs are not designed as authentication secrets and may be observable, guessable, or leaked through logs and integrations.
Attack Vector
Attackers exploit this remotely over the network without credentials or user interaction. The attacker enumerates or otherwise obtains a valid execution ID for a workflow currently waiting on Chat Trigger input. They then open a WebSocket connection to /chat referencing that execution ID and interact with the session in place of the intended user.
The vulnerability mechanism is described in the n8n GitHub Security Advisory GHSA-f77h-j2v7-g6mw. No public proof-of-concept code is available at this time.
Detection Methods for CVE-2026-42228
Indicators of Compromise
- Unexpected WebSocket connections to the /chat endpoint originating from IP addresses not associated with legitimate workflow users.
- Multiple concurrent WebSocket sessions referencing the same execution ID.
- Workflow executions that resume from chat steps with input inconsistent with expected user behavior or content patterns.
Detection Strategies
- Inspect n8n application logs for /chat WebSocket handshakes and correlate the source IP with the user expected to respond to that execution.
- Audit execution histories for chat-driven workflows and flag any where the resume input arrived from an unrecognized session.
- Deploy reverse proxy logging in front of n8n to capture WebSocket Upgrade requests and the executionId parameter for review.
Monitoring Recommendations
- Alert on a high rate of failed or rapid sequential /chat connection attempts, which may indicate execution ID enumeration.
- Monitor for workflow runs that complete via Chat Trigger but have no corresponding authenticated user activity in upstream identity logs.
- Forward n8n access and execution logs to a centralized SIEM or data lake for retention and cross-correlation.
How to Mitigate CVE-2026-42228
Immediate Actions Required
- Upgrade n8n to 1.123.32, 2.17.4, or 2.18.1 depending on the deployed release branch.
- Inventory all workflows that use the Chat Trigger node with the Hosted Chat feature and review recent executions for anomalous resume input.
- Restrict network exposure of the n8n instance so the /chat endpoint is not reachable from untrusted networks while patching is in progress.
Patch Information
n8n maintainers released fixed versions 1.123.32, 2.17.4, and 2.18.1. The patches add authorization verification on incoming /chat WebSocket connections so that only clients authorized for the target execution can attach. Refer to the n8n GitHub Security Advisory GHSA-f77h-j2v7-g6mw for release notes.
Workarounds
- Disable Chat Trigger workflows that use the Hosted Chat feature until upgrade is complete.
- Place the n8n instance behind an authenticating reverse proxy or VPN that restricts WebSocket access to known users.
- Rotate or invalidate any execution IDs from waiting workflows that were active prior to patching, and re-trigger those workflows after upgrade.
# Upgrade n8n via npm to a patched release
npm install -g [email protected]
# Or for Docker deployments, pull the patched image tag
docker pull n8nio/n8n:2.18.1
docker stop n8n && docker rm n8n
docker run -d --name n8n -p 5678:5678 n8nio/n8n:2.18.1
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
