CVE-2025-56265

High CVSS: 8.8

An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.

Vendor

N8n

Product

N8n

CWE

CWE-434

Yayın Tarihi

2025-09-08 18:15:33

Güncelleme

2025-09-12 20:47:21

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 N8n HIGH N8n 2025

Referanslar

https://github.com/nikolas-ch/CVEs/blob/main/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload/StoredXSSviaUnristrictedFileUpload.txt https://github.com/nikolas-ch/CVEs/tree/main/N8N/N8N_v1.100.1 https://github.com/nikolas-ch/CVEs/tree/main/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload

Benzer Kayıtlar

High

CVE-2026-33722

n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without…

Medium

CVE-2026-33724

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configure…

Medium

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated use…

Medium

CVE-2026-33751

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP n…

Medium

CVE-2026-33720

n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` e…

Critical

CVE-2026-33660

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated use…