CVE-2026-54301 n8n-io CVE debrief

Who should care

Users of the n8n workflow automation platform should be aware of this vulnerability if they have workflow edit access or use public webhooks. System administrators and security teams responsible for n8n instances should prioritize patching to prevent potential code execution.

Technical summary

The vulnerability exists in the Respond to Webhook node of the n8n platform. An authenticated user with workflow edit access can configure the node to serve binary content with a user-controlled Content-Type header. When a public webhook is triggered and visited by an authenticated user, the bypassed Content-Security-Policy sandbox allows JavaScript execution in the n8n origin, granting access to the user's session. The issue is addressed in versions 1.123.55, 2.25.7, and 2.26.2.

Defensive priority

High priority should be given to updating n8n instances to versions 1.123.55, 2.25.7, or 2.26.2. In the meantime, restricting workflow edit access and closely monitoring public webhook usage and user activity can help mitigate the risk.

Recommended defensive actions

• Update n8n to version 1.123.55, 2.25.7, or 2.26.2.
• Restrict workflow edit access to trusted users.
• Monitor public webhook usage and user activity.
• Implement additional security measures such as IP restrictions for webhooks.
• Regularly review and audit workflows for suspicious configurations.

Evidence notes

The CVE-2026-54301 vulnerability details were obtained from the NVD database and the n8n security advisory. The vulnerability is considered high severity with a CVSS score of 7. Fixes are available in versions 1.123.55, 2.25.7, and 2.26.2. Users should verify their instance versions and update as necessary.

Official resources