PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56354 n8n CVE debrief

CVE-2026-56354 is a medium-severity vulnerability in n8n, a workflow automation tool. The vulnerability exists in the Form Node and is caused by unsanitized HTML description fields and overly permissive iframe sandbox policies. This allows authenticated users with workflow creation permissions to inject malicious scripts or redirect parameters, potentially leading to stored XSS attacks or phishing redirects against end users.

Vendor
n8n
Product
Unknown
CVSS
MEDIUM 5.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of n8n, particularly those with workflow creation permissions, should be aware of this vulnerability. Administrators and security teams responsible for n8n instances should prioritize patching to prevent potential attacks.

Technical summary

The vulnerability in n8n's Form Node allows for cross-site scripting (XSS) and open redirect attacks. The issue arises from unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions can exploit this vulnerability to inject malicious scripts or redirect parameters. This could lead to stored XSS attacks or phishing redirects against end users. The CVSS score for this vulnerability is 5.1, indicating a medium severity level.

Defensive priority

Patching affected n8n instances should be prioritized due to the potential for authenticated users to exploit this vulnerability for malicious purposes.

Recommended defensive actions

  • Apply patches or updates to n8n versions 1.123.24, 2.10.4, or 2.12.0, or later
  • Restrict workflow creation permissions to trusted users
  • Monitor n8n instances for suspicious activity
  • Implement additional security measures such as input validation and output encoding
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-07-10T15:16:43.030Z and was last modified on 2026-07-10T17:49:57.737Z. The NVD entry is currently Undergoing Analysis. References include GitHub security advisories and Vulncheck advisories.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T15:16:43.030Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.