{"id":108007,"date":"2026-04-07T01:00:00","date_gmt":"2026-04-06T23:00:00","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=zero-post&#038;p=108007"},"modified":"2026-04-01T21:10:33","modified_gmt":"2026-04-01T19:10:33","slug":"same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578","status":"publish","type":"zero-post","link":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","title":{"rendered":"Same Origin, Same Tricks: Bypassing n8n&#8217;s CSP Sandbox (CVE-2026-27578)"},"content":{"rendered":"<style type=\"text\/css\">\n@import url(\"https:\/\/cmxiv.net\/cxzero\/cxzero-blog-styles-inject.extracted.css\");\n@import url(\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.11.1\/styles\/vs2015.min.css\");\n<\/style>\n<script src=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.11.1\/highlight.min.js\" integrity=\"sha512-EBLzUL8XLl+va\/zAsmXwS7Z2B1F9HUHkZwyS\/VKwh3S7T\/U0nF4BaU29EP\/ZSf6zgiIxYAnKLu6bJ8dqpmX5uw==\" crossorigin=\"anonymous\" referrerpolicy=\"no-referrer\"><\/script>\n<script>hljs.highlightAll();<\/script>\n\n\n\n\n<p class=\"print-source-info\"><script>\n    document.write(\"&copy;&nbsp;Checkmarx, all rights reserved. Retrieved \" + new Date().toLocaleDateString() + \" from<br\/>\" + window.location.href)<\/script>\n    <noscript>This document &copy;&nbsp;Checkmarx, all rights reserved.<\/noscript>\n<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Overview:-Stored-XSS-in-open-source-workflow-platform-n8n\">Overview of CVE-2026-27578: Stored XSS in open-source workflow platform n8n<\/h2>\n\n\n\n<p>Checkmarx Zero has discovered a stored cross-site scripting (XSS) vulnerability (CVE-2026-27578) in <a href=\"https:\/\/github.com\/n8n-io\/n8n\">n8n<\/a>, the popular open-source workflow automation platform. 
The vulnerability allows an authenticated attacker to bypass n8n&#8217;s existing Content Security Policy (CSP) sandbox protections by abusing the Webhook Response functionality with content types not on the denylist (e.g., <code>image\/svg+xml<\/code>).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Impact\">Impact<\/h3>\n\n\n\n<p>Successful exploitation enables arbitrary JavaScript execution in the context of a victim&#8217;s authenticated n8n session. This can lead to session hijacking, credential theft, and full account takeover.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Affected-Users\">Affected Users<\/h3>\n\n\n\n<p>Users running n8n versions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>&lt; 1.123.22<\/code><\/li>\n\n\n\n<li><code>&gt;= 2.0.0 &lt; 2.9.3<\/code><\/li>\n\n\n\n<li><code>&gt;= 2.10.0 &lt; 2.10.1<\/code><\/li>\n<\/ul>\n\n\n\n<p>The issue is tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-27578\">CVE-2026-27578<\/a> (<a href=\"https:\/\/github.com\/n8n-io\/n8n\/security\/advisories\/GHSA-2p9h-rqjw-gm92\">Stored XSS via Various Nodes<\/a>, CVSS=8.5) and was addressed in versions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>2.10.1<\/code><\/li>\n\n\n\n<li><code>2.9.3<\/code><\/li>\n\n\n\n<li><code>1.123.22<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Remediation\">Remediation<\/h3>\n\n\n\n<p>The issue has been fixed in n8n versions <code>2.10.1<\/code>, <code>2.9.3<\/code>, and <code>1.123.22<\/code>. 
Users should upgrade to one of these versions or later to remediate the vulnerability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Vulnerability-Drilldown\">n8n CVE-2026-27578 Vulnerability Technical Drilldown<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Introduction\">Introduction<\/h3>\n\n\n\n<p><a href=\"https:\/\/n8n.io\/\"><strong>n8n<\/strong><\/a> is an open-source workflow automation platform that has become one of the most widely adopted tools in its category, with over 178K GitHub stars, and a rapidly growing community of self-hosted and cloud users. It enables developers, DevOps engineers, and increasingly non-technical teams to connect APIs, automate business processes, and build internal tooling through a visual, node-based interface.<\/p>\n\n\n\n<p>Its flexibility is a double-edged sword. n8n workflows can receive external HTTP requests via webhooks, execute arbitrary code, interact with databases, and return custom HTTP responses, all configured through the UI. This power makes n8n a compelling target, especially in multi-user or shared environments.<\/p>\n\n\n\n<p>Checkmarx Zero discovered and responsibly disclosed a Cross-Site Scripting (XSS) vulnerability in some versions of n8n via the \u201c<a href=\"https:\/\/docs.n8n.io\/integrations\/builtin\/core-nodes\/n8n-nodes-base.respondtowebhook\/\">Respond to Webhook<\/a>\u201d node.<\/p>\n\n\n\n<p>n8n&#8217;s maintainers had already recognized the risk of XSS via webhook responses and implemented a mitigation in the form of a \u201cCSP Sandbox\u201d control, attempting to isolate untrusted data from the page. 
However, the vulnerability Checkmarx Zero uncovered in our research allows attackers to bypass that sandbox and conduct an XSS attack anyway.<\/p>\n\n\n\n<p>We explain below how that mitigation was bypassed, and why the previous underlying design choice, a denylist of dangerous content types, leaves the door open to further abuse.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"High-Level-Flow\">High-Level Flow<\/h3>\n\n\n\n<p>n8n&#8217;s \u201cRespond to Webhook\u201d node allows a workflow author to define a custom HTTP response, including headers, status code, and body, that is returned to the caller when a webhook is triggered.<\/p>\n\n\n\n<p>The problem arises because this response is served <strong>from the n8n application&#8217;s <\/strong><a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/Origin\"><strong>own origin<\/strong><\/a>. If an attacker can control the response body and <code>Content-Type<\/code> header, and if the browser interprets that response as renderable content, any embedded scripts will execute with full access to the n8n browser context, including cookies, session storage, and the Document Object Model (DOM).<\/p>\n\n\n\n<p>The attack flow is straightforward:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>An authenticated attacker creates (or modifies) a workflow containing a Webhook trigger and a \u201cRespond to Webhook\u201d node.<\/li>\n\n\n\n<li>The response is configured to return a body containing a malicious SVG with embedded JavaScript, and a <code>Content-Type<\/code> of <code>image\/svg+xml<\/code>.<\/li>\n\n\n\n<li>The attacker waits for the privileged user to access the webhook URL from the tampered workflow, or just shares the webhook URL with a victim (a legitimate n8n user or administrator).<\/li>\n\n\n\n<li>When the victim visits the URL in their browser, the SVG is rendered, the JavaScript executes on the n8n origin, and the attacker can exfiltrate session data or perform actions on the 
victim&#8217;s behalf.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"The-CSP-Sandbox\">The CSP Sandbox<\/h3>\n\n\n\n<p>The <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Guides\/CSP\">Content Security Policy (CSP) header<\/a> is a browser security mechanism that controls how web content behaves and interacts with external resources. The <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Reference\/Headers\/Content-Security-Policy\/sandbox\">CSP\u2019s sandbox directive<\/a> places the requested resource into a restricted environment, similar to the <code>sandbox<\/code> attribute on an <code>&lt;iframe&gt;<\/code>. This allows the developer to add strict limitations on the page&#8217;s capabilities, such as blocking pop-ups, preventing the execution of plugins and scripts, and assigning a <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/Origin#opaque_origin\">unique opaque origin<\/a> to the content (effectively restricting access to the original origin resources).<\/p>\n\n\n\n<p>In scenarios like this, where n8n needs to prevent webhook-served content from accessing resources on the same origin (where the &#8220;Respond to Webhook&#8221; node runs), the CSP <code>sandbox<\/code> directive is the way to go.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"The-Existing-Mitigation-and-Why-It-Failed\">The Existing Mitigation and Why It Failed<\/h3>\n\n\n\n<p>n8n&#8217;s developers were aware of the risk. The codebase includes a function called <code>isHtmlRenderedContentType<\/code> that checks the <code>Content-Type<\/code> of a webhook response against a <a href=\"https:\/\/github.com\/n8n-io\/n8n\/blob\/da11043e960518a68facc272ac3bd8368180242f\/packages\/core\/src\/html-sandbox.ts#L19-L25\">denylist of MIME types<\/a> known to be rendered as HTML by browsers. 
When a match is found, n8n adds a CSP sandbox to the response, which should theoretically protect users from malicious content served through the &#8220;Respond to Webhook&#8221; node.<\/p>\n\n\n\n<p>For example, a response with <code>Content-Type: text\/html<\/code> is correctly intercepted. The CSP sandbox prevents scripts served by the &#8220;Respond to Webhook&#8221; node from accessing resources, such as cookies, that belong to the user on the same origin.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"800\" height=\"418\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427.webp\" alt=\"\" class=\"wp-image-108008\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427.webp 800w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427-300x157.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427-768x401.webp 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151427-400x209.webp 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption class=\"wp-element-caption\">A response returned by the \u201cRespond to Webhook\u201d node with the header <code>Content-Type: text\/html<\/code><\/figcaption><\/figure>\n<\/div>\n\n\n<p>However, <code>image\/svg+xml<\/code> was not included in this denylist. SVG is a first-class citizen in the browser rendering engine. It is an XML document that is rendered inline as an image, but it supports the full SVG DOM which, critically, can contain <code>&lt;script&gt;<\/code> elements that execute JavaScript in the context of the document&#8217;s origin. 
By setting the response <code>Content-Type<\/code> to <code>image\/svg+xml<\/code> and embedding a script payload in the SVG body, the CSP sandbox was bypassed entirely:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"800\" height=\"582\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449.webp\" alt=\"\" class=\"wp-image-108009\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449.webp 800w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449-300x218.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449-768x559.webp 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260222-151449-400x291.webp 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"The-Deeper-Problem:-Denylist-vs.-Allowlist\">The Deeper Problem: Denylist vs. 
Allowlist<\/h3>\n\n\n\n<p>The SVG bypass is a clear and practical vulnerability, but it is symptomatic of a more fundamental design issue: the use of a denylist to identify dangerous content types.<\/p>\n\n\n\n<p>The old mitigation resides in the <a href=\"https:\/\/github.com\/n8n-io\/n8n\/blob\/21eec59aa43e2a55b6e19f167a4bba0ac8b403cc\/packages\/core\/src\/html-sandbox.ts#L19-L26\">html-sandbox.ts<\/a> file.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"226\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-1024x226.webp\" alt=\"\" class=\"wp-image-108010\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-1024x226.webp 1024w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-300x66.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-768x169.webp 768w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512-400x88.webp 400w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260303-105512.webp 1117w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Sandbox is only applied if the <code>Content-Type<\/code> used is one of the above<\/figcaption><\/figure>\n<\/div>\n\n\n<p>A denylist approach requires the developers to anticipate every MIME type a browser might render as executable content, now and in the future. This is a losing game. Browser behavior around content types is complex, inconsistent across vendors, and subject to change. Two areas illustrate this risk:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Content-Type interpretation quirks:<\/strong> Different browsers handle unusual or malformed <code>Content-Type<\/code> values differently, and some of these discrepancies can be exploited to execute scripts. 
<a href=\"https:\/\/github.com\/BlackFan\/content-type-research\/blob\/master\/XSS.md\">BlackFan&#8217;s content-type research<\/a> catalogs numerous such cases, including types and payloads that trigger XSS across specific browser versions.<\/li>\n\n\n\n<li>\n<strong>MIME type sniffing:<\/strong> Browsers may ignore the declared <code>Content-Type<\/code> header and infer the actual type from the response body. This behavior can cause a response declared as a benign type to be rendered as HTML or script. A detailed treatment of MIME sniffing edge cases is available in <a href=\"https:\/\/aszx87410.github.io\/beyond-xss\/en\/ch5\/mime-sniffing\/\">Huli&#8217;s &#8220;Beyond XSS&#8221; research<\/a>.<\/li>\n<\/ul>\n\n\n\n<p>Any of these edge cases could yield additional bypasses of the denylist. The recommended approach is to replace the denylist with a strict allowlist of known-safe MIME types (for instance, based on <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Guides\/MIME_types\/Common_types\">MDN&#8217;s common MIME types reference<\/a> and the references mentioned above). All content types not explicitly on the allowlist should be treated as potentially dangerous and served within the CSP sandbox.<\/p>\n\n\n\n<p>An even better solution, though, is to simply add the CSP sandbox header to any webhook response returned by the \u201cRespond to Webhook\u201d node. 
This is the mitigation chosen by the n8n team, as there are no real benefits in having specific webhook responses without the sandbox.<\/p>\n\n\n\n<p>The function <code>isHtmlRenderedContentType<\/code> was removed from <a href=\"https:\/\/github.com\/n8n-io\/n8n\/blob\/062644ef786b6af480afe4a0f12bc6d70040534a\/packages\/core\/src\/html-sandbox.ts\">html-sandbox.ts<\/a>, and now the header is <a href=\"https:\/\/github.com\/n8n-io\/n8n\/blob\/062644ef786b6af480afe4a0f12bc6d70040534a\/packages\/cli\/src\/webhooks\/webhook-request-handler.ts#L138-L144\">set in every response, unless protection is explicitly disabled<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Could-AI-Find-This?\">Could AI have found the n8n CVE-2026-27578?<\/h2>\n\n\n\n<p>The short answer is maybe: it\u2019s possible, but definitely not guaranteed.<\/p>\n\n\n\n<p>As you may know, our team recently conducted a deep dive into zero-day identification using LLMs (<a href=\"https:\/\/checkmarx.com\/zero-post\/learning-about-llm-based-zero-day-hunting-with-claude-codes-opus-4-6\/\">Hunting 0-days with Opus 4.6<\/a>, <a href=\"https:\/\/checkmarx.com\/zero-post\/unearned-confidence-ai-security-reviewers-dont-really-get-it\/\">The Unearned Confidence<\/a>).<\/p>\n\n\n\n<p>One of the techniques we explored was asking Claude to analyze historical CVE patches to determine whether the fix truly resolved the vulnerability, or quietly introduced a new one.<\/p>\n\n\n\n<p>This Stored XSS was one such example. 
We provided Claude with a previous CVE, its fix, and some additional context:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-25051\">CVE-2026-25051<\/a><\/li>\n\n\n\n<li>The corresponding <a href=\"https:\/\/github.com\/n8n-io\/n8n\/commit\/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9\">commit<\/a> and the full contents of the files that changed<\/li>\n<\/ul>\n\n\n\n<p>We did this a few times with different models and got a bunch of different, inconsistent results.<br>Here are just two examples (prompts were identical):<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"Opus-4.6---First-Try\">Opus 4.6 &#8211; First Try<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"647\" height=\"289\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105503.webp\" alt=\"\" class=\"wp-image-108011\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105503.webp 647w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105503-300x134.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105503-400x179.webp 400w\" sizes=\"(max-width: 647px) 100vw, 647px\" \/><figcaption class=\"wp-element-caption\">The first analysis completely missed the vulnerability<\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\">Opus 4.6 &#8211; Second Try<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"643\" height=\"581\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105241.webp\" alt=\"\" class=\"wp-image-108012\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105241.webp 643w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105241-300x271.webp 300w, 
https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105241-332x300.webp 332w\" sizes=\"(max-width: 643px) 100vw, 643px\" \/><figcaption class=\"wp-element-caption\">Opus 4.6\u2019s second analysis was much more accurate<\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\">Sonnet Analysis<\/h3>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"732\" height=\"460\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105959.webp\" alt=\"\" class=\"wp-image-108013\" srcset=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105959.webp 732w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105959-300x189.webp 300w, https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/03\/image-20260309-105959-400x251.webp 400w\" sizes=\"(max-width: 732px) 100vw, 732px\" \/><figcaption class=\"wp-element-caption\">Sonnet analysis was right, but for the wrong reasons<\/figcaption><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\">So was AI right? Not really&#8230;<\/h3>\n\n\n\n<p>Let\u2019s be clear: the pattern in that code sample, a denylist, is something most security professionals would at least have a gut feeling about. Denylists are notoriously difficult to implement correctly in many contexts, especially when combined with the well-known SVG bypass technique for XSS.<\/p>\n\n\n\n<p>Yet when this <em>single file<\/em> was analyzed by multiple LLMs, the denylist was often not flagged. Even when the same file was analyzed multiple times by the same model, it did not consistently identify the vulnerable pattern. Honestly? We expected it to catch this.<\/p>\n\n\n\n<p>This is another reminder that an autonomous AI agent, operating without a security professional applying critical thinking and domain expertise, is not enough. 
In some cases, it can even create a false sense of security while real issues remain undetected.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Summary\">Summary of n8n CVE-2026-27578<\/h2>\n\n\n\n<p>A CSP sandbox bypass in n8n&#8217;s webhook response handling was found and fixed. The platform&#8217;s existing XSS mitigation relied on a denylist of content types deemed capable of rendering HTML. By responding with <code>Content-Type<\/code>s absent from the denylist but capable of executing JavaScript in the browser, an authenticated attacker could run arbitrary scripts on the n8n origin, leading to session hijacking and account takeover.<\/p>\n\n\n\n<p>Beyond the specific SVG vector, this research highlights the inherent fragility of denylist-based content type filtering. Browser MIME sniffing behavior and cross-browser content type interpretation quirks present an open-ended set of potential bypass vectors.<\/p>\n\n\n\n<p>Organizations running affected versions of n8n should upgrade to <code>2.10.1<\/code>, <code>2.9.3<\/code>, or <code>1.123.22<\/code> immediately.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"Responsible-Disclosure-Timeline\">CVE-2026-27578 Responsible Disclosure Timeline<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">Date<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Event<\/th>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 10, 2026<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Vulnerability reported to the n8n security team.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 11, 2026<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Additional context on denylist risks shared with n8n<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 11, 2026<\/td>\n<td class=\"has-text-align-left\" 
data-align=\"left\">n8n acknowledged the report &amp; accepted it<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 25, 2026<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Fix released in n8n <code>2.10.1<\/code>, <code>2.9.3<\/code>, <code>1.123.22<\/code>.<\/td>\n<\/tr>\n<tr>\n<td class=\"has-text-align-left\" data-align=\"left\">Feb 25, 2026<\/td>\n<td class=\"has-text-align-left\" data-align=\"left\">Published: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-27578\">CVE-2026-27578<\/a> &amp; <a href=\"https:\/\/github.com\/n8n-io\/n8n\/security\/advisories\/GHSA-2p9h-rqjw-gm92\">Advisory<\/a>\n<\/td>\n<\/tr>\n<\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>A stored XSS in n8n let authenticated attackers bypass webhook sandbox protections and execute JavaScript in a victim\u2019s session. Checkmarx Zero explains how an SVG-based content-type bypass broke a denylist-based defense, why that design was fragile, and what versions fix the issue.<\/p>\n","protected":false},"author":121,"featured_media":108042,"template":"","zero-category":[1067,1176,1333,1104],"zero-tag":[1512,1128,1511,1484,1117],"class_list":["post-108007","zero-post","type-zero-post","status-publish","has-post-thumbnail","hentry","zero-category-blog","zero-category-security-blogs","zero-category-security-news","zero-category-technical-blog","zero-tag-bypass","zero-tag-cve","zero-tag-disclosure","zero-tag-n8n","zero-tag-xss"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Same Origin, Same Tricks: Bypassing n8n&#039;s CSP Sandbox (CVE-2026-27578) - Checkmarx<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\" \/>\n<meta 
property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Same Origin, Same Tricks: Bypassing n8n&#039;s CSP Sandbox (CVE-2026-27578) - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"A stored XSS in n8n let authenticated attackers bypass webhook sandbox protections and execute JavaScript in a victim\u2019s session. Checkmarx Zero explains how an SVG-based content-type bypass broke a denylist-based defense, why that design was fragile, and what versions fix the issue.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\",\"url\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\",\"name\":\"Same Origin, Same Tricks: Bypassing n8n's CSP Sandbox (CVE-2026-27578) - Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp\",\"datePublished\":\"2026-04-06T23:00:00+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp\",\"width\":2560,\"height\":1280,\"caption\":\"A dark, grunge-style illustration about a cybersecurity exploit. It features a large red eye, hooded figures, a spider, a spiderweb, and text 'CVE-2026-27578 XSS Exploit'. 
Code snippets like `` and `` are visible, along with the 'n8n' logo and 'Webhook Node' diagram. The 'Checkmarx ZERO' logo is in the bottom right.\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Same Origin, Same Tricks: Bypassing n8n's CSP Sandbox (CVE-2026-27578) - Checkmarx","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","og_locale":"en_US","og_type":"article","og_title":"Same Origin, Same Tricks: Bypassing n8n's CSP Sandbox (CVE-2026-27578) - Checkmarx","og_description":"A stored XSS in n8n let authenticated attackers bypass webhook sandbox protections and execute JavaScript in a victim\u2019s session. Checkmarx Zero explains how an SVG-based content-type bypass broke a denylist-based defense, why that design was fragile, and what versions fix the issue.","og_url":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. 
reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","url":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/","name":"Same Origin, Same Tricks: Bypassing n8n's CSP Sandbox (CVE-2026-27578) - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp","datePublished":"2026-04-06T23:00:00+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/zero-post\/same-origin-same-tricks-bypassing-n8ns-csp-sandbox-cve-2026-27578\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/cxzero-feature_n8n-csp-bypass-stored-xss_CVE-2026-27578.webp","width":2560,"height":1280,"caption":"A dark, grunge-style illustration about a cybersecurity exploit. It features a large red eye, hooded figures, a spider, a spiderweb, and text 'CVE-2026-27578 XSS Exploit'. Code snippets like `` and `` are visible, along with the 'n8n' logo and 'Webhook Node' diagram. 
The 'Checkmarx ZERO' logo is in the bottom right."},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post\/108007","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/zero-post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/121"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/108042"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=108007"}],"wp:term":[{"taxonomy":"zero-category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-category?post=108007"},{"taxonomy":"zero-tag","e
mbeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-tag?post=108007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}