AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-364x-8g5j-x2pr: n8n has XSS in its Credential Management Flow

mediumvulnerability

security

Source: GitHub Advisory DatabaseMarch 27, 2026

Summary

n8n, a workflow automation tool, has an XSS vulnerability (cross-site scripting, where malicious code runs in a user's browser) in its credential management system. An authenticated user could hide JavaScript in an OAuth2 credential's Authorization URL field, and if another user clicks the OAuth authorization button, that malicious script executes in their browser session.

Solution / Mitigation

The issue has been fixed in n8n versions 2.8.0 and 2.6.4. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should limit credential creation and sharing permissions to fully trusted users only, or restrict access to the n8n instance to trusted users only. Note: these workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedAgent

Affected Vendors

Affected Packages

n8n@< 2.6.4 (fixed: 2.6.4)n8n@>= 2.7.0, < 2.8.0 (fixed: 2.8.0)

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

high

GHSA-w3hv-x4fp-6h6j: @grackle-ai/server has Missing WebSocket Origin Header Validation

First tracked: March 28, 2026 at 02:00 AM

Classified by LLM (prompt v3) · confidence: 85%