n8n WebSocket Chat Execution Hijacking Vulnerability

A vulnerability in n8n's WebSocket chat endpoint allowed unauthorized connections to interact with workflow executions. This issue affected versions prior to 1.123.32, 2.17.4, and 2.18.1. The vulnerability arose because the chat endpoint did not verify if a connection was authorized to engage with a specific execution. An unauthenticated remote attacker could exploit this by identifying a valid execution ID for a workflow that was waiting, attaching to that execution, and intercepting prompts meant for the legitimate user. The attacker could then submit input to influence the workflow's progression or behavior.

Impact

Exploitation of this vulnerability allowed unauthorized users to hijack chat executions, intercept messages, and manipulate workflow actions, potentially disrupting automated processes or causing unintended outcomes.

Remediation

Users are advised to upgrade to n8n versions 1.123.32, 2.17.4, or 2.18.1. If an immediate upgrade is not possible, authentication should be enabled on all Chat Trigger nodes by selecting 'n8n User Auth' instead of 'None'.