A vulnerability marked as problematic has been reported in n8n-io n8n up to 1.123.54/2.25.6/2.26.1 . The impacted element is an unknown function of the component Content-Security-Policy Handler . Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-54301 . The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.