GHSA-3c7f-5hgj-h279: n8n has XSS in Chat Trigger Node through Custom CSS
An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the sanitize-html library, the sanitization could be bypassed, resulting in stored XSS on the public chat page. Any user visiting the chat URL would be affected.
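Whatever the exact sanitizer misconfiguration was, the defensive invariant for a field like Custom CSS is that its contents can never leave the stylesheet context they are rendered into. The following is an added example (not n8n's code, and not the fix the project shipped) of a server-side gate for such a field; it assumes the CSS is emitted inside a `<style>` element on the public chat page, and the function and sample names are hypothetical.

```javascript
// Added example, not n8n's code: defensive handling of a user-supplied
// "Custom CSS" string before it is embedded in a public chat page.
// Assumption: the CSS ends up inside a <style> element in the served HTML,
// so the main risk is input that closes that element or smuggles markup.

const RISK_CHECKS = [
  // The HTML parser sees raw text before any CSS decoding happens, so a
  // literal "<" is exactly what a </style> break-out needs and is never
  // required in ordinary stylesheet text. This is the check that matters.
  { re: /</, why: 'contains "<" (could close the <style> element or open a tag)' },
  // Defence in depth for legacy/browser-specific script and remote-load
  // vectors. CSS escapes can disguise these keywords, so these rules must
  // never be the only control.
  { re: /javascript\s*:/i, why: 'contains a javascript: URL' },
  { re: /expression\s*\(/i, why: 'contains a CSS expression()' },
  { re: /@import\b/i, why: 'contains @import (loads external stylesheets)' },
];

// Returns a list of human-readable findings; empty means the CSS passed.
function findCssRisks(css) {
  return RISK_CHECKS.filter((c) => c.re.test(css)).map((c) => c.why);
}

// Only embed CSS that passed the checks; refuse rather than try to repair it,
// since "repairing" user input is how sanitizer bypasses are born.
function renderStyleElement(css) {
  const risks = findCssRisks(css);
  if (risks.length > 0) {
    throw new Error('custom CSS rejected: ' + risks.join('; '));
  }
  return '<style>' + css + '</style>';
}

// Constructed samples for demonstration (not taken from the advisory).
const SAMPLE_BENIGN = '.chat-bubble { background: #eef; border-radius: 8px; }';
// Closes the style element and injects plain markup: a constructed
// illustration of the break-out class, deliberately carrying no script.
const SAMPLE_BREAKOUT = '.chat-bubble {}</style><b>injected</b>';

console.log(findCssRisks(SAMPLE_BENIGN));   // []
console.log(findCssRisks(SAMPLE_BREAKOUT)); // one finding about "<"
```

Pair a gate like this with a Content-Security-Policy on the chat page that forbids inline script, so that even a sanitizer regression cannot turn stored markup into executed code.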