GHSA-2p9h-rqjw-gm92: n8n Vulnerable to Stored XSS via Various Nodes
Summary
n8n, a workflow automation platform, has a stored XSS (cross-site scripting, where attackers inject malicious code into a website that runs when other users visit it) vulnerability in multiple nodes. An authenticated user with workflow creation permissions could inject malicious scripts that execute in other users' browsers, potentially leading to session hijacking (stealing a user's active login) and account takeover.
Solution / Mitigation
The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can temporarily limit workflow creation and editing permissions to fully trusted users only, or disable the Webhook node by adding 'n8n-nodes-base.webhook' to the 'NODES_EXCLUDE' environment variable. However, these workarounds do not fully remediate the risk and should only be used as short-term measures.
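Two checks an administrator would want when acting on this advisory, written here as an added example (not code from n8n or from the advisory): whether an installed version is at or past the fix for its release line, and how to add the Webhook node to an existing NODES_EXCLUDE value. It assumes NODES_EXCLUDE is read as a JSON-array string of node type names, as n8n's documentation describes; the version strings in the test are constructed.

```python
"""Helpers for GHSA-2p9h-rqjw-gm92: fixed-version check and NODES_EXCLUDE merge.
Added example, not part of n8n or the advisory."""
import json
from typing import Optional

# Fixed releases named in the advisory, keyed by the release line each one patches.
FIXED_VERSIONS = {
    (1,): (1, 123, 22),
    (2, 9): (2, 9, 3),
    (2, 10): (2, 10, 1),
}


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn 'v2.9.3' or '2.9.3-rc.1' into (2, 9, 3); pre-release/build tags are dropped."""
    core = version.lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    if len(parts) != 3:
        raise ValueError(f"unexpected n8n version string: {version!r}")
    return parts[0], parts[1], parts[2]


def is_fixed(version: str) -> bool:
    """True when the version is at or past the fix for its release line.
    2.x before 2.9 has no fixed release and is reported unfixed; anything from
    2.10.1 onward (including later minors and majors) counts as fixed."""
    v = parse_version(version)
    if v[0] == 1:
        return v >= FIXED_VERSIONS[(1,)]
    if v[0] == 2:
        if v[1] == 9:
            return v >= FIXED_VERSIONS[(2, 9)]
        return v >= FIXED_VERSIONS[(2, 10)]
    return v[0] > 2  # 3.x and later postdate every fixed release


def nodes_exclude(current: Optional[str], node_type: str = "n8n-nodes-base.webhook") -> str:
    """Return the NODES_EXCLUDE value with node_type added.
    Assumption: n8n parses NODES_EXCLUDE as a JSON array of node type names, so an
    existing value is merged rather than overwritten (keeping earlier exclusions)."""
    excluded = json.loads(current) if current else []
    if node_type not in excluded:
        excluded.append(node_type)
    return json.dumps(excluded)
```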
Vulnerability Details
EPSS: 0.0%
Original source: https://github.com/advisories/GHSA-2p9h-rqjw-gm92
First tracked: February 25, 2026 at 11:00 PM
Classified by LLM (prompt v3) · confidence: 85%