GHSA-MVH4-2CM2-6HPG

Vulnerability from github – Published: 2025-09-15 17:14 – Updated: 2025-09-15 20:07
VLAI?
Summary
Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
Details

Impact

A stored Cross-Site Scripting (XSS) vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of anyone who visits the resulting public chat URL.

This vulnerability could be exploited for phishing or to steal cookies or other sensitive data from users who access the public chat link, posing a security risk.

Patches

This issue has been patched in version 1.107.0 of n8n. Users should upgrade to version 1.107.0 or later.

Workarounds

Disabling the n8n-nodes-langchain.chatTrigger node (docs)

References

18148

Severity ?
4.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.24.0"
            },
            {
              "fixed": "1.107.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-58177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-15T17:14:27Z",
    "nvd_published_at": "2025-09-15T17:15:35Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA stored Cross-Site Scripting (XSS) vulnerability was identified in the `@n8n/n8n-nodes-langchain.chatTrigger` node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of anyone who visits the resulting public chat URL.\n\nThis vulnerability could be exploited for phishing or to steal cookies or other sensitive data from users who access the public chat link, posing a security risk.\n\n### Patches\nThis issue has been patched in version 1.107.0 of n8n. Users should upgrade to version 1.107.0 or later.\n\n### Workarounds\nDisabling the `n8n-nodes-langchain.chatTrigger` node ([docs](https://docs.n8n.io/hosting/securing/blocking-nodes/))\n\n### References\n#18148",
  "id": "GHSA-mvh4-2cm2-6hpg",
  "modified": "2025-09-15T20:07:54Z",
  "published": "2025-09-15T17:14:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-mvh4-2cm2-6hpg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58177"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/pull/18148"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/commit/d4ef191be0b39b65efa68559a3b8d5dad2e102b2"
    },
    {
      "type": "WEB",
      "url": "https://docs.n8n.io/hosting/securing/blocking-nodes"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.