CVE-2026-56356 Overview
CVE-2026-56356 is a stored cross-site scripting (XSS) vulnerability in n8n, the workflow automation platform. The flaw resides in the Chat Trigger node's Custom CSS field and stems from a misconfiguration of the sanitize-html library. An authenticated user with permission to create or modify workflows can inject JavaScript that bypasses sanitization. The payload executes in the browser of any user who visits the public chat page. The issue is tracked under [CWE-79] and affects releases before 1.123.27, the 2.0.0 through 2.13.2 branch, and 2.14.0.
Critical Impact
Authenticated workflow editors can store JavaScript that executes against any visitor of the affected public chat page, enabling session theft and account takeover.
Affected Products
- n8n versions prior to 1.123.27
- n8n versions 2.0.0 through 2.13.2
- n8n version 2.14.0
Discovery Timeline
- 2026-06-30 - CVE-2026-56356 published to NVD
- 2026-07-02 - Last updated in NVD database
Technical Details for CVE-2026-56356
Vulnerability Analysis
The vulnerability exists in the Chat Trigger node, which allows workflow authors to expose a public chat interface. The node supports a Custom CSS field intended to let operators style the chat UI. n8n passes this input through the sanitize-html library before rendering. The library is configured incorrectly, leaving vectors that permit JavaScript execution to survive sanitization. Because the input persists in workflow definitions and is served to every visitor of the public chat page, the payload becomes a stored XSS. Any user who loads the affected chat page executes attacker-controlled script in their browser session.
Root Cause
The root cause is a misconfiguration of the sanitize-html allowlist and CSS parsing rules used by the Chat Trigger node. The configuration does not strip all elements, attributes, or CSS constructs capable of introducing script execution. As a result, crafted input in the Custom CSS field bypasses the intended sanitization boundary.
Attack Vector
Exploitation requires an authenticated account with permission to create or edit workflows. The attacker configures a Chat Trigger node and injects a payload into the Custom CSS field. Once saved and published, the malicious content is served on the public chat page. Victims triggering the payload require user interaction by visiting the page. Successful exploitation can lead to session cookie theft, credential harvesting through injected forms, or arbitrary actions performed as the victim within n8n.
No verified public proof-of-concept code is available. See the GitHub Security Advisory GHSA-3c7f-5hgj-h279 and VulnCheck Advisory for technical details.
Detection Methods for CVE-2026-56356
Indicators of Compromise
- Chat Trigger nodes containing unusual content in the Custom CSS field, particularly HTML tags, <script> fragments, expression(...) constructs, or url(javascript:...) patterns.
- Unexpected outbound requests from browsers loading public chat pages to attacker-controlled domains.
- Workflow modification events performed by accounts that do not normally author chat workflows.
Detection Strategies
- Audit stored workflow JSON for Chat Trigger nodes and inspect the customCss property for HTML or script constructs.
- Review web server and reverse proxy logs for requests to /webhook/chat/* endpoints followed by anomalous third-party resource loads.
- Correlate workflow create and update events with the user identity performing them to detect unauthorized edits.
Monitoring Recommendations
- Enable audit logging in n8n and forward events to a centralized log platform for review.
- Alert on any modification to Chat Trigger nodes and on the introduction of non-CSS characters in the Custom CSS field.
- Monitor for browser-side Content Security Policy (CSP) violations reported by users of public chat pages.
How to Mitigate CVE-2026-56356
Immediate Actions Required
- Upgrade n8n to 1.123.27, 2.13.3, or 2.14.1 depending on the deployed branch.
- Review all existing Chat Trigger nodes and clear or validate the Custom CSS field content.
- Restrict workflow creation and editing permissions to trusted users only.
- Rotate session tokens and API keys if unauthorized modifications to chat workflows are found.
Patch Information
n8n released fixes in versions 1.123.27, 2.13.3, and 2.14.1. The patches update the sanitize-html configuration used by the Chat Trigger node to remove the bypass. Refer to the GitHub Security Advisory GHSA-3c7f-5hgj-h279 for release notes and upgrade guidance.
Workarounds
- Disable the Chat Trigger node or unpublish public chat pages until the upgrade is complete.
- Remove Custom CSS content from all Chat Trigger nodes and prevent editors from re-adding it via policy.
- Deploy a strict Content Security Policy on the reverse proxy fronting n8n to block inline script execution on chat pages.
# Upgrade n8n via npm to a fixed release
npm install -g n8n@1.123.27
# Or for the 2.x branch
npm install -g n8n@2.14.1
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

