Open redirect in n8n - #VU128724
Published: April 30, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to redirect end users to an arbitrary external URL.
The vulnerability exists due to an overly permissive iframe sandbox policy in the Form Node when rendering form content. A remote user can configure a crafted form to redirect end users to an arbitrary external URL.
Exploitation requires user interaction: an end user must visit the form.
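The advisory does not say which sandbox tokens the Form Node granted, so the following added example (not n8n code) is a general audit: it flags iframe `sandbox` tokens that let framed content navigate the top-level page or open new windows. The function names and the sample markup are constructed for illustration.

```javascript
// Sandbox tokens that let framed content move the user off the embedding page.
const NAVIGATION_TOKENS = new Map([
  ["allow-top-navigation", "framed content can navigate the top-level page"],
  ["allow-top-navigation-by-user-activation", "top-level navigation after a user gesture"],
  ["allow-top-navigation-to-custom-protocols", "top-level navigation to non-HTTP(S) protocol handlers"],
  ["allow-popups", "framed content can open new windows or tabs"],
  ["allow-popups-to-escape-sandbox", "windows it opens are not sandboxed"],
]);

// sandboxValue: the attribute string, or null when the attribute is absent.
function auditSandbox(sandboxValue) {
  if (sandboxValue === null) {
    return [{ token: "(no sandbox attribute)", risk: "no restrictions apply to the frame" }];
  }
  const tokens = new Set(sandboxValue.toLowerCase().split(/\s+/).filter(Boolean));
  const findings = [];
  for (const [token, risk] of NAVIGATION_TOKENS) {
    if (tokens.has(token)) findings.push({ token, risk });
  }
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    findings.push({ token: "allow-scripts + allow-same-origin", risk: "same-origin content can remove its own sandbox" });
  }
  return findings;
}

// Audit the sandbox attribute of every <iframe> start tag in an HTML string.
// Regex extraction is a simplification for this example; use an HTML parser on real templates.
function auditIframes(html) {
  const results = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const m = tag.match(/\bsandbox(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/i);
    const value = m ? (m[1] ?? m[2] ?? m[3] ?? "") : null; // bare `sandbox` = all restrictions
    results.push({ tag, findings: auditSandbox(value) });
  }
  return results;
}

// Constructed sample markup (not taken from n8n).
const SAMPLE_HTML = `
<iframe sandbox="allow-scripts allow-top-navigation" srcdoc="..."></iframe>
<iframe sandbox="allow-scripts allow-forms" srcdoc="..."></iframe>
<iframe sandbox srcdoc="..."></iframe>
<iframe srcdoc="..."></iframe>`;

for (const { tag, findings } of auditIframes(SAMPLE_HTML)) {
  console.log(tag, "=>", findings.length ? findings.map((f) => f.token).join(", ") : "no navigation-capable tokens");
}
```

A frame that renders user-configurable content should carry only the tokens it needs; an empty `sandbox` attribute applies every restriction.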