CVE-2026-25054 – n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

CVE ID : CVE-2026-25054

Published : Feb. 4, 2026, 4:47 p.m. | 31 minutes ago

Description : n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n’s interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover. This issue has been patched in versions 1.123.9 and 2.2.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-25054 – n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-22044 – GLPI is Vulnerable to Authenticated SQL Injection

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-25140 – apko affected by potential unbounded resource consumption in expandapk.ExpandApk on attacker-controlled .apk streams

CVE-2026-25121 – apko is vulnerable to path traversal in apko dirFS which allows filesystem writes outside base

CVE-2026-25122 – apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

CVE-2026-25507 – ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning