n8n: Stored XSS in Chat Trigger Node

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the n8n Chat Trigger node. An authenticated user with workflow edit access can inject arbitrary JavaScript by setting a malicious webhookId in the node configuration. When any logged-in user visits the generated chat URL, the injected script executes in the n8n origin with that user's session privileges. Affected versions include all prior to 1.123.55, 2.25.7, and 2.26.2 [1][2].

Exploitation

An attacker must have valid credentials and workflow edit permissions in n8n. The attacker creates or modifies a workflow containing a Chat Trigger node, setting the webhookId parameter to a crafted JavaScript payload. Once the workflow is saved and activated, any authenticated user who navigates to the chat URL triggers the payload. No additional user interaction beyond visiting the page is required [1][2].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser within the n8n application origin. This can lead to session hijacking, data exfiltration, or actions performed on behalf of the victim, such as modifying workflows or accessing sensitive information. The CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N, indicating high confidentiality impact and low integrity impact [1][2].

Mitigation

The vulnerability is fixed in n8n versions 1.123.55, 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later. If immediate upgrade is not possible, administrators can limit workflow creation and editing permissions to trusted users only, or disable the Chat Trigger node by adding @n8n/n8n-nodes-langchain.chatTrigger to the NODES_EXCLUDE environment variable. These workarounds do not fully remediate the risk and should be considered temporary [1][2].