Loading market data...
← Back to CVE feed

CVE-2026-56359

MEDIUM CVSS 5.4 View on NVD ↗

Description

n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth authorization button, executing arbitrary scripts in their browser session with the victim's privileges.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products

n8n/n8n
Published: Jul 08, 2026 14:17 UTC Modified: Jul 08, 2026 19:34 UTC