CVE-2026-56358
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
Stored XSS vulnerability in n8n before versions 1.123.25 (1.x) and 2.11.2 (2.x) (also fixed in 2.12.0) in the Form Trigger node's CSS sanitization allows authenticated users with workflow creation permissions to inject malicious scripts that execute persistently for all form visitors.
Risk Assessment
Attackers can hijack forms and conduct phishing attacks, leading to data theft or further compromise of users.
Recommendation
Immediately update n8n to version 1.123.25, 2.11.2, or 2.12.0. Restrict workflow creation permissions to trusted users only.
Original NVD description (English source)
n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can inject XSS payloads that execute persistently for all form visitors, enabling form hijacking and phishing attacks.

