CVE-2025-56265.yaml
info:
  name: n8n
  cve: CVE-2025-56265
  summary: n8n's Chat Trigger component is vulnerable to stored XSS via unrestricted file upload.
  details: |
    An arbitrary file upload vulnerability exists in the Chat Trigger component of n8n
    versions 1.95.3, 1.100.1 and 1.101.1. The upload does not restrict file type, so an
    attacker can upload a crafted HTML file; when that file is served back and opened by
    another user, the attacker's script runs in that user's browser (stored XSS).
  cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  severity: HIGH
  security_advise: |
    1. Upgrade n8n to version 1.107.0 or later.
    2. Enforce an allowlist of permitted file types for Chat Trigger uploads, checked against
       the file content, not only the client-supplied file name or MIME type.
    3. Do not render uploaded files inline: serve stored files with a server-chosen Content-Type,
       Content-Disposition: attachment and X-Content-Type-Options: nosniff, and sanitise any
       user-supplied content that is displayed in the UI.
# Compare as a semantic version (component by component), not as a string:
# "1.95.3" < "1.107.0" is false lexicographically and would mark an affected instance as patched.
rule: version < "1.107.0"
references:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-56265
  - https://github.com/n8n-io/n8n/pull/18148
  - https://github.com/n8n-io/n8n
  - https://github.com/n8n-io/n8n/releases/tag/n8n%401.107.0
  - https://github.com/nikolas-ch/CVEs/blob/main/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload/StoredXSSviaUnristrictedFileUpload.txt
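The `rule: version < "1.107.0"` line only works if the scanner compares version components numerically. The following is an added example, not part of this rule file and not n8n's code, that evaluates the rule correctly and shows the string-comparison pitfall on the affected versions listed in `details`. The inventory hosts and the accepted `v`/`n8n@` prefixes are assumptions for illustration.

```javascript
// Added example (not n8n's code): evaluate `version < "1.107.0"` component-wise.
// A plain string comparison is wrong here: "1.95.3" < "1.107.0" is false
// lexicographically because "9" sorts after "1", so 1.95.3 would be reported as patched.

const FIXED_VERSION = '1.107.0';                         // from security_advise / rule
const AFFECTED_KNOWN = ['1.95.3', '1.100.1', '1.101.1']; // from details

// Parse "1.107.0", "v1.107.0" or "n8n@1.107.0" (assumed input forms) into [1, 107, 0].
function parseVersion(v) {
  const m = /^(?:n8n@)?v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Comparator: -1 if a < b, 0 if equal, 1 if a > b, comparing numeric components in order.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// The rule as it should be evaluated.
function isVulnerable(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// The same rule evaluated as a string comparison, kept only to show the pitfall.
function isVulnerableNaive(version) {
  return String(version) < FIXED_VERSION;
}

// Scan an inventory of instances and return the hosts that still need the upgrade.
function scanInventory(instances) {
  return instances
    .filter(({ version }) => isVulnerable(version))
    .map(({ host }) => host);
}

// Constructed sample inventory, not real hosts.
const SAMPLE_INVENTORY = [
  { host: 'n8n-a.internal', version: '1.95.3' },
  { host: 'n8n-b.internal', version: 'n8n@1.101.1' },
  { host: 'n8n-c.internal', version: 'v1.107.0' },
  { host: 'n8n-d.internal', version: '1.112.4' },
];

for (const v of AFFECTED_KNOWN) {
  console.log(`${v}: component-wise vulnerable=${isVulnerable(v)}, string compare says ${isVulnerableNaive(v)}`);
}
console.log('needs upgrade:', scanInventory(SAMPLE_INVENTORY));
```

Only 1.95.3 exposes the bug in the string comparison (1.100.1 and 1.101.1 happen to sort correctly), which is exactly why such a rule passes casual testing; feed the comparator every version in `details` before trusting it.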
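Items 2 and 3 of `security_advise` state the fix in general terms. The following is an added example, not n8n's code and not the patch referenced above, of an upload gate for a chat-style file upload and of the response headers to send when a stored file is served back. The handler shape, the allowlist, the size limit and the sample payloads are assumptions for illustration.

```javascript
// Added example (not n8n's code): reject active content at upload time and never
// let the browser render a stored upload inline.

// Allowlist: extension -> server-chosen Content-Type (assumed set for this example).
const ALLOWED_TYPES = new Map([
  ['png', 'image/png'], ['jpg', 'image/jpeg'], ['jpeg', 'image/jpeg'],
  ['gif', 'image/gif'], ['pdf', 'application/pdf'], ['txt', 'text/plain'],
  ['csv', 'text/csv'], ['json', 'application/json'],
]);
const MAX_BYTES = 10 * 1024 * 1024; // assumed limit

// Well-known leading bytes for the binary types we accept.
const MAGIC = {
  png: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]),
  jpg: Buffer.from([0xff, 0xd8, 0xff]),
  jpeg: Buffer.from([0xff, 0xd8, 0xff]),
  gif: Buffer.from('GIF8', 'latin1'),
  pdf: Buffer.from('%PDF-', 'latin1'),
};

// Keep only the last path component and a conservative character set.
function safeName(filename) {
  const base = String(filename).split(/[\\/]/).pop().replace(/[^A-Za-z0-9._-]/g, '_');
  return base.replace(/^\.+/, '') || 'upload';
}

function extensionOf(name) {
  const idx = name.lastIndexOf('.');
  return idx < 0 ? '' : name.slice(idx + 1).toLowerCase();
}

// Does the payload start like markup a browser would render (HTML, SVG, XHTML)?
function looksLikeMarkup(bytes) {
  const head = bytes.subarray(0, 2048).toString('latin1').toLowerCase();
  return /<\s*(!doctype\s+html|html|head|body|script|svg|iframe|object|embed|meta|link|style|img)\b/.test(head)
    || /^\s*<\?xml/.test(head);
}

// Gate an upload. Returns { ok: true, storedName, contentType } or { ok: false, reason }.
function validateUpload({ filename, declaredType, bytes }) {
  if (bytes.length === 0) return { ok: false, reason: 'empty file' };
  if (bytes.length > MAX_BYTES) return { ok: false, reason: 'file too large' };
  const name = safeName(filename);
  const ext = extensionOf(name);
  const contentType = ALLOWED_TYPES.get(ext);
  if (!contentType) return { ok: false, reason: `extension not allowed: .${ext || '(none)'}` };
  // The client's MIME type is untrusted; it must agree with what the extension maps to.
  if (declaredType && declaredType.split(';')[0].trim().toLowerCase() !== contentType) {
    return { ok: false, reason: `declared type ${declaredType} does not match .${ext}` };
  }
  // Content check: a renamed HTML/SVG file fails the magic bytes or the markup sniff.
  if (MAGIC[ext] && !bytes.subarray(0, MAGIC[ext].length).equals(MAGIC[ext])) {
    return { ok: false, reason: `content is not a valid ${ext}` };
  }
  if (looksLikeMarkup(bytes)) return { ok: false, reason: 'content looks like HTML/SVG markup' };
  return { ok: true, storedName: name, contentType };
}

// Headers for serving a stored upload: the type comes from the allowlist, never from the
// client, the file is forced to download, and sniffing plus script execution are disabled.
function downloadHeaders(storedName, contentType) {
  return {
    'Content-Type': contentType,
    'Content-Disposition': `attachment; filename="${storedName}"`,
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "sandbox; default-src 'none'",
    'Cache-Control': 'no-store',
  };
}

// Constructed sample payloads, not files from the advisory.
const SAMPLE_PNG = Buffer.concat([MAGIC.png, Buffer.from('0000000dIHDR', 'latin1'), Buffer.alloc(16)]);
const SAMPLE_HTML = Buffer.from('<html><script>alert(document.cookie)</script></html>');

console.log(validateUpload({ filename: '../../evil.html', declaredType: 'text/html', bytes: SAMPLE_HTML }));
console.log(validateUpload({ filename: 'notes.txt', declaredType: 'text/plain', bytes: SAMPLE_HTML }));
console.log(validateUpload({ filename: 'chart.png', declaredType: 'image/png', bytes: SAMPLE_PNG }));
console.log(downloadHeaders('chart.png', 'image/png'));
```

The markup sniff is deliberately conservative (a `.txt` that merely contains `<script>` is refused); the headers in `downloadHeaders` are the defence that holds even when a check is bypassed, because a file sent as `attachment` with `nosniff` is not executed as a page in the origin that served it.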