CVE-2026-33749
Published: 25 March 2026
Summary
CVE-2026-33749 is a critical-severity cross-site scripting (CWE-79) vulnerability in n8n, the open-source workflow automation platform (vendor and product are both listed as n8n). Its CVSS v3.1 base score is 9.0 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 13.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. Note that the attacker must already hold an authenticated n8n account that can create or edit workflows, so the low exploit-likelihood ranking should not be read as low risk for instances shared with untrusted users.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-15 (Information Output Filtering): filter what the `/rest/binary-data` endpoint returns so that an HTML binary object cannot be rendered inline with executable JavaScript; in practice, active content is forced to download rather than displayed on the n8n origin.
- CM-6 (Configuration Settings): configure the server so that every binary response carries `Content-Disposition: attachment` (with a safe fallback filename when the stored item has none) and a restrictive `Content-Security-Policy`. The first stops inline rendering; the second stops script execution if the body is rendered anyway.
- AC-6 (Least Privilege): restrict workflow creation and modification to fully trusted users, as the advisory recommends. This removes the low-privileged attacker's ability to plant the malicious binary object in the first place, but the advisory is clear that it is a workaround, not a fix.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An XSS in a web-accessible workflow platform maps to three techniques: T1190 (Exploit Public-Facing Application), because the n8n endpoint itself serves the attacker-controlled HTML/JS; T1068 (Exploitation for Privilege Escalation), because a low-privileged workflow creator escalates to admin through the victim's session; and T1185 (Browser Session Hijacking), because arbitrary same-origin JavaScript runs inside the victim's authenticated browser session and can read workflows and credentials or perform actions as the victim. T1190 applies only in the sense that the n8n instance is the exploited application; the attacker is an authenticated insider with an account, not an anonymous internet user.
NVD Description
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endpoint served such responses inline on the n8n origin without `Content-Disposition` or `Content-Security-Policy` headers, allowing the HTML to render in the browser with full same-origin JavaScript access. By sending the resulting URL to a higher-privileged user, an attacker could execute JavaScript in the victim's authenticated session, enabling exfiltration of workflows and credentials, modification of workflows, or privilege escalation to admin. The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or restrict network access to the n8n instance to prevent untrusted users from accessing binary data URLs. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Deeper analysis
CVE-2026-33749 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting the open-source workflow automation platform n8n in versions prior to 1.123.27, 2.13.3, and 2.14.1. An authenticated user with permission to create or modify workflows can craft a workflow that generates an HTML binary data object lacking a filename. The missing filename is the trigger: the `/rest/binary-data` endpoint served such objects inline on the n8n origin with neither a `Content-Disposition` nor a `Content-Security-Policy` header, so the browser treated the body as a same-origin page and executed its JavaScript with full same-origin access. The vulnerability carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H); the changed scope reflects that code served by n8n runs in the victim's browser, and UI:R reflects that the victim has to open the link.
Exploitation requires an authenticated, low-privileged account that can create or edit workflows. The attacker builds the malicious workflow, runs it to obtain the binary data URL, and sends that URL to a higher-privileged victim such as an administrator. Because the URL sits on the legitimate n8n origin, it looks like any other workflow artifact link. When the victim opens it in an authenticated browser session, the embedded JavaScript runs with the victim's same-origin privileges and can exfiltrate workflows and stored credentials, modify workflows, or escalate the attacker to admin.
The n8n security advisory (GHSA-qfc3-hm4j-7q77, https://github.com/n8n-io/n8n/security/advisories/GHSA-qfc3-hm4j-7q77) recommends upgrading to 1.123.27, 2.13.3, or 2.14.1 or later, which fully remediates the issue. Until patching is possible, administrators can limit workflow creation and editing to fully trusted users and restrict network access to the instance so that untrusted users cannot reach binary data URLs; the advisory is explicit that these workarounds reduce but do not eliminate the risk.
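The mechanism described in the mitigating-controls list and in the analysis above, as an added illustration that is not n8n's code: a minimal model of a binary-data handler whose headers depend on whether the stored item has a filename (the vulnerable pattern), the hardened version that always forces a download and sandboxes the body, and a check that flags captured response headers which would render HTML on the serving origin. The item shape (`{ mimeType, fileName }`), all function names, the MIME-type downgrade (a defense-in-depth step beyond the advisory's two headers) and the sample header capture are assumptions constructed for this example.

```javascript
// Added illustration for CVE-2026-33749; this is not n8n's code. The stored
// binary item shape ({ mimeType, fileName }), every function name, and the sample
// header capture below are assumptions constructed for the example.

// Content types a browser will execute as an active document on the serving origin.
const ACTIVE_TYPES = new Set(['text/html', 'application/xhtml+xml', 'image/svg+xml']);

// Drop path components, non-token characters (including CR/LF) and leading dots.
function sanitizeFileName(name) {
  if (typeof name !== 'string') return '';
  const base = name.split(/[\\/]/).pop();
  return base.replace(/[^A-Za-z0-9._-]/g, '_').replace(/^\.+/, '').slice(0, 128);
}

// Strip CR/LF and other non-printable bytes so a value cannot inject a header.
function headerValue(value) {
  return String(value ?? '').replace(/[^\x20-\x7e]/g, '');
}

// VULNERABLE pattern: Content-Disposition is only emitted when a filename exists
// and no CSP is ever set, so an HTML item without a filename renders inline.
function vulnerableBinaryHeaders(item) {
  const headers = { 'Content-Type': headerValue(item.mimeType) };
  if (item.fileName) {
    headers['Content-Disposition'] = `attachment; filename="${headerValue(item.fileName)}"`;
  }
  return headers;
}

// HARDENED pattern: always force a download (safe fallback name), refuse MIME
// sniffing, sandbox the body with CSP, and downgrade active content types to a
// generic binary type so nothing the workflow produced is ever treated as a page.
function hardenedBinaryHeaders(item) {
  const mimeType = headerValue(item.mimeType).toLowerCase().split(';')[0].trim();
  const fileName = sanitizeFileName(item.fileName) || 'download.bin';
  const contentType = ACTIVE_TYPES.has(mimeType)
    ? 'application/octet-stream'
    : (mimeType || 'application/octet-stream');
  return {
    'Content-Type': contentType,
    'Content-Disposition': `attachment; filename="${fileName}"`,
    'Content-Security-Policy': "sandbox; default-src 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Parse a raw `curl -i` style capture: a status line followed by header lines.
function parseRawHeaders(raw) {
  const headers = {};
  for (const line of raw.split(/\r?\n/).slice(1)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim()] = line.slice(i + 1).trim();
  }
  return headers;
}

// The check: true when a response would be rendered as a same-origin HTML
// document with script allowed, i.e. the condition this CVE describes. A CSP that
// blocks script some other way (script-src 'none') is deliberately not credited,
// so the check errs toward reporting risk.
function rendersAsSameOriginHtml(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).toLowerCase();
  const type = (h['content-type'] || '').split(';')[0].trim();
  const forcedDownload = (h['content-disposition'] || '').startsWith('attachment');
  const sandboxed = /(^|;)\s*sandbox(\s|;|$)/.test(h['content-security-policy'] || '');
  return ACTIVE_TYPES.has(type) && !forcedDownload && !sandboxed;
}

// Constructed inputs (not real traffic): the attacker's HTML item with no
// filename, a benign image item, and a capture from a hypothetical vulnerable instance.
const ATTACKER_ITEM = { mimeType: 'text/html', fileName: undefined };
const BENIGN_ITEM = { mimeType: 'image/png', fileName: 'chart.png' };
const SAMPLE_VULNERABLE_CAPTURE = [
  'HTTP/1.1 200 OK',
  'Content-Type: text/html',
  'Content-Length: 93',
  'Connection: keep-alive',
].join('\r\n');

function demo() {
  return {
    vulnerableRendersHtml: rendersAsSameOriginHtml(vulnerableBinaryHeaders(ATTACKER_ITEM)),
    hardenedRendersHtml: rendersAsSameOriginHtml(hardenedBinaryHeaders(ATTACKER_ITEM)),
    captureRendersHtml: rendersAsSameOriginHtml(parseRawHeaders(SAMPLE_VULNERABLE_CAPTURE)),
  };
}

console.log(demo());
```

The CSP `sandbox` directive without `allow-scripts` both disables script and gives the document an opaque origin, so even a browser or extension that ignores `Content-Disposition` cannot run code against the n8n origin; `X-Content-Type-Options: nosniff` keeps the `application/octet-stream` downgrade from being second-guessed. To use the check against a live instance, paste the output of `curl -i` for a binary-data URL into `parseRawHeaders` and feed the result to `rendersAsSameOriginHtml`.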
Details
- CWE(s)