AI Threat Alert AI Threat Alert

CVE-2026-42228

GHSA-f77h-j2v7-g6mw MEDIUM
Published April 29, 2026

## Impact The `/chat` WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state...

Full CISO analysis pending enrichment.

Affected Systems

Package Ecosystem Vulnerable Range Patched
n8n npm < 1.123.32 1.123.32
185.6K OpenSSF 6.0 16 dependents Pushed 4d ago 38% patched ~1d to patch Full package profile →

Do you use n8n? You're affected.

Severity & Risk

CVSS 3.1
5.4 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Attack Surface

AV AC PR UI S C I A
AV Network
AC High
PR None
UI None
S Changed
C Low
I Low
A None

Recommended Action

Patch available

Update n8n to version 1.123.32

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-42228?

n8n Vulnerable to Hijacking of Unauthenticated Chat Execution

Is CVE-2026-42228 actively exploited?

No confirmed active exploitation of CVE-2026-42228 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-42228?

Update to patched version: n8n 1.123.32.

What is the CVSS score for CVE-2026-42228?

CVE-2026-42228 has a CVSS v3.1 base score of 5.4 (MEDIUM).

Technical Details

NVD Description

## Impact The `/chat` WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state could attach to that execution, receive the pending prompt intended for the legitimate user, and submit arbitrary input to resume or influence downstream workflow behavior. Exploitation requires the following conditions: - The instance exposes a public Hosted Chat workflow with authentication set to `None`. - A target execution is in a waiting state at the time of the attack. - The attacker can obtain or discover the execution ID of that waiting execution. ## Patches The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Enable authentication on all Chat Trigger nodes by setting the Authentication field to `n8n User Auth` rather than `None`. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Weaknesses (CWE)

CWE-862 Missing Authorization Primary

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References

Timeline

Published
April 29, 2026
Last Modified
April 29, 2026
First Seen
April 30, 2026

Related Vulnerabilities

CRITICAL CVE-2026-33663 10.0

n8n: member role steals plaintext HTTP credentials

Same package: n8n
CRITICAL CVE-2026-42232 10.0

Analysis pending

Same package: n8n
CRITICAL CVE-2026-21858 10.0

n8n: Input Validation flaw enables exploitation

Same package: n8n
CRITICAL CVE-2026-33660 10.0

TensorFlow: type confusion NPD in tensor conversion

Same package: n8n
CRITICAL CVE-2026-42231 10.0

Analysis pending

Same package: n8n
Back to Threat Feed