Cross-Site Scripting Vulnerability in n8n by n8n.io
CVE-2026-56359
4.8MEDIUM
What is CVE-2026-56359?
A cross-site scripting vulnerability exists in n8n prior to version 2.8.0. The flaw allows authenticated users to inject malicious JavaScript URLs within OAuth2 credential Authorization URL fields. By crafting deceptive credentials, attackers can lure victims into clicking on the OAuth authorization button, executing arbitrary scripts in the victim's browser session under their privileges. This exposes users to significant security risks and potential data breaches.
Affected Version(s)
n8n 0 < 2.8.0
n8n 0 < 2.6.4
n8n 2.8.0
