CVE-2026-42235CRITICAL 9.6EPSS p23.5%

CVE-2026-42235CVE-2026-42235

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute arbitrary JavaScript in the victim's authenticated n8n browser session, enabling credential and session token theft, workflow manipulation, or privilege escalation. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.

Scoring

CVSS 3.19.6 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS0.32% probability of exploitation · percentile 23.5% · 2026-06-19T12:03:05Z
Published2026-05-04
Last modified2026-05-06

Underlying weaknesses· 2

CWE-79CWE-87

References

  1. https://github.com/n8n-io/n8n/security/advisories/GHSA-537j-gqpc-p7fq

2

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')cwe-790%live
WeaknessImproper Neutralization of Alternate XSS Syntaxcwe-870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-21877
CVE
CVE-2026-42232
CVE
CVE-2026-25052
CVE
CVE-2026-25115
CVE
CVE-2026-21858
CVE
CVE-2026-42233
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.