CVE-2026-33696

| EUVD-2026-15945 CRITICAL
2026-03-25 GitHub_M GHSA-mxrg-77hm-89hv
9.4
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
PoC Detected
Mar 27, 2026 - 19:40 vuln.today
Public exploit code
Analysis Generated
Mar 25, 2026 - 18:01 vuln.today
EUVD ID Assigned
Mar 25, 2026 - 18:01 euvd
EUVD-2026-15945
CVE Published
Mar 25, 2026 - 17:40 nvd
CRITICAL 9.4

Tags

Prototype Pollution RCE

Description

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted parameters as part of node configuration, an attacker could write attacker-controlled values onto `Object.prototype`. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Analysis

A prototype pollution vulnerability in the XML and GSuiteAdmin nodes of n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to achieve remote code execution. Versions prior to 2.14.1, 2.13.3, and 1.123.27 are affected. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all n8n instances and document current versions; audit user access logs for XML and GSuiteAdmin node usage; restrict workflow creation/modification permissions to essential personnel only. Within 7 days: Test and deploy patched versions (2.14.1, 2.13.3, or 1.123.27) in a staged manner beginning with non-production environments. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

67
Low Medium High Critical
KEV: 0
EPSS: +0.5
CVSS: +47
POC: +20

Share

CVE-2026-33696 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy