CVE-2026-54301 Overview
CVE-2026-54301 is a stored cross-site scripting (XSS) vulnerability in n8n, an open source workflow automation platform. An authenticated user with workflow edit access can configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type header. The binary response path bypasses the central Content-Security-Policy (CSP) sandbox header. As a result, a public webhook can execute JavaScript in the n8n origin when visited by an authenticated user. The attacker gains access to that user's session. The issue is tracked as [CWE-79] and fixed in versions 1.123.55, 2.25.7, and 2.26.2.
Critical Impact
A low-privileged n8n editor can hijack the session of any authenticated user who visits a malicious public webhook URL.
Affected Products
- n8n versions prior to 1.123.55
- n8n versions prior to 2.25.7
- n8n versions prior to 2.26.2
Discovery Timeline
- 2026-06-23 - CVE-2026-54301 published to NVD
- 2026-06-24 - Last updated in NVD database
Technical Details for CVE-2026-54301
Vulnerability Analysis
The vulnerability resides in the Respond to Webhook node, which lets workflow authors define HTTP responses for public webhook endpoints. n8n applies a Content-Security-Policy sandbox header centrally to constrain how responses render in the browser. However, the binary response code path does not enforce that header. An authenticated user with workflow edit privileges can therefore craft a response that sets Content-Type: text/html on binary data containing JavaScript.
When a victim authenticated to n8n visits the public webhook URL, the browser renders the response inside the n8n origin. The script executes with full access to session cookies, authentication tokens, and any API endpoint the victim can reach. This converts a low-privileged editor role into full account takeover of higher-privileged users.
Root Cause
The root cause is missing CSP enforcement on the binary response branch of the webhook responder. Header policy was applied only for text and JSON responses, leaving binary payloads outside the sandbox. Combined with an attacker-controlled Content-Type, this allows arbitrary HTML and JavaScript to be served from a trusted n8n endpoint.
Attack Vector
Exploitation requires network access to the n8n instance and an authenticated account with workflow edit permission. The attacker builds a workflow whose Respond to Webhook node returns binary content with a Content-Type such as text/html and an HTML payload containing JavaScript. The attacker then distributes the public webhook URL. When any authenticated n8n user opens it, the payload runs in the n8n origin and can call internal APIs as that user. User interaction is required to land the attack. See the GitHub Security Advisory GHSA-v733-mwr6-fgcm for advisory details.
Detection Methods for CVE-2026-54301
Indicators of Compromise
- Respond to Webhook nodes configured to return binary data with a Content-Type of text/html, image/svg+xml, or other script-capable MIME types.
- Public webhook URLs being shared internally or externally with HTML or script content in their responses.
- Authenticated session activity originating from unusual referrers or immediately following a click on a webhook URL.
Detection Strategies
- Audit all workflows for Respond to Webhook nodes that set custom Content-Type headers on binary responses.
- Review reverse proxy and application logs for webhook responses returning HTML or SVG content to authenticated browser sessions.
- Inspect n8n audit logs for workflow edits performed by accounts that do not normally publish webhook integrations.
Monitoring Recommendations
- Alert on creation or modification of workflows that combine binary response mode with HTML-class MIME types.
- Monitor outbound API calls from n8n user sessions for anomalous endpoint access following webhook visits.
- Track authentication events for session reuse from new IP addresses shortly after webhook traffic.
How to Mitigate CVE-2026-54301
Immediate Actions Required
- Upgrade n8n to 1.123.55, 2.25.7, or 2.26.2 depending on your release track.
- Review and remove any untrusted Respond to Webhook nodes serving binary content with HTML-class Content-Types.
- Rotate session tokens and API keys for users who may have visited attacker-controlled webhook URLs.
- Restrict workflow edit permissions to trusted operators until patching is complete.
Patch Information
The maintainers fixed the issue by extending the Content-Security-Policy sandbox header to the binary response path of the Respond to Webhook node. Apply the patch by upgrading to n8n 1.123.55, 2.25.7, or 2.26.2. Refer to the n8n GitHub Security Advisory for release notes.
Workarounds
- Limit the workflow:edit permission to a small set of trusted administrators.
- Enforce a strict Content-Security-Policy at the reverse proxy layer in front of n8n until the upgrade is applied.
- Disable or remove public webhook endpoints that are not actively required for production workflows.
# Upgrade n8n via npm
npm install -g n8n@1.123.55
# Or upgrade via Docker
docker pull n8nio/n8n:2.26.2
docker stop n8n && docker rm n8n
docker run -d --name n8n -p 5678:5678 n8nio/n8n:2.26.2
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

