Detections
Analytics
n8n Node.js Package < 1.123.9 / 2.x < 2.2.1 Stored XSS (CVE-2026-25054)
high Nessus Plugin ID 298989
Synopsis
The n8n Node.js Package installed on the remote host is affected by a stored cross-site scripting vulnerability.Description
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.9, or 2.x prior to 2.2.1. It is, therefore, affected by a stored cross-site scripting vulnerability:- A cross-site scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts with same-origin privileges when other users interact with a maliciously crafted workflow. This could lead to session hijacking and account takeover.
(CVE-2026-25054)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to n8n Node.js Package version 1.123.9 or 2.2.1 or later.See Also
Plugin Details
Severity: High
ID: 298989
File Name: n8n_nodejs_package_GHSA-qpq4-pw7f-pp8w.nasl
Version: 1.1
Type: local
Agent: windows, macosx, unix
Family: Misc.
Published: 2/13/2026
Updated: 2/13/2026
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Medium
Base Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS Score Source: CVE-2026-25054
CVSS v3
Risk Factor: High
Base Score: 7.3
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVSS v4
Risk Factor: High
Base Score: 8.5
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Vulnerability Information
CPE: cpe:/a:nodejs:node.js
Required KB Items: Host/nodejs/modules/enumerated
Patch Publication Date: 2/4/2026
Vulnerability Publication Date: 2/4/2026
Reference Information
CVE: CVE-2026-25054