CVE-2026-25051

Description

n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx
• https://nvd.nist.gov/vuln/detail/CVE-2026-25051
• https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef7323
• https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9
• https://github.com/n8n-io/n8n