Reflected XSS Vulnerability in n8n Workflow Automation Platform
CVE-2026-54303
6.8MEDIUM
What is CVE-2026-54303?
n8n, an open-source workflow automation platform, is vulnerable to a reflected XSS attack due to improper handling of query parameters in the Meta and Microsoft Teams trigger nodes. When a user, already logged into n8n, visits a maliciously crafted URL, the malicious payload is reflected in the HTTP response without proper sanitization or Content-Security-Policy headers. This creates an opportunity for attackers to execute scripts in the context of the user’s session. The vulnerability was addressed in version 2.24.0, and users are encouraged to update promptly to mitigate security risks.
Affected Version(s)
n8n < 2.24.0
