Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionGitHub Advisory
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted parameters as part of node configuration, an attacker could write attacker-controlled values onto Object.prototype. An attacker could use this prototype pollution to achieve remote code execution on the n8n instance. The issue has been fixed in n8n versions 2.14.1, 2.13.3, and 1.123.27. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or disable the XML node by adding n8n-nodes-base.xml to the NODES_EXCLUDE environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Articles & Coverage 2
AnalysisAI
A prototype pollution vulnerability in the XML and GSuiteAdmin nodes of n8n workflow automation platform allows authenticated users with workflow creation or modification permissions to achieve remote code execution. Versions prior to 2.14.1, 2.13.3, and 1.123.27 are affected. The CVSS score of 9.4 (Critical) reflects network-based exploitation with low complexity requiring only low-level authentication, though no current KEV listing or public POC availability is indicated in the provided intelligence.
Technical ContextAI
The vulnerability affects n8n (CPE: cpe:2.3:a:n8n-io:n8n), an open-source workflow automation platform built on Node.js. The issue stems from CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes, commonly known as Prototype Pollution), a JavaScript-specific vulnerability class where attackers can inject properties into Object.prototype. In this case, the XML and GSuiteAdmin nodes fail to properly validate or sanitize node configuration parameters, allowing crafted input to pollute the prototype chain. Because JavaScript property lookups traverse the prototype chain, pollution of Object.prototype affects all objects in the runtime, enabling attackers to override critical properties and achieve code execution through subsequent operations that rely on these polluted values.
RemediationAI
Upgrade n8n to version 2.14.1, 2.13.3, or 1.123.27 or later immediately to fully remediate this vulnerability. Consult the official GitHub security advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv for version-specific upgrade guidance. If immediate patching is not feasible, implement temporary mitigations by restricting workflow creation and editing permissions exclusively to fully trusted users, and disable the XML node by adding n8n-nodes-base.xml to the NODES_EXCLUDE environment variable. Note that these workarounds provide only partial risk reduction and should be considered short-term measures only, as the GSuiteAdmin node remains a potential attack vector. Organizations should prioritize full version upgrades and conduct security reviews of existing workflows created by potentially untrusted users during the vulnerable period.
More in Prototype Pollution
View allPrototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu
Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15945
GHSA-mxrg-77hm-89hv