Skip to main content

n8n CVE-2026-42231

| EUVDEUVD-2026-27102 CRITICAL
Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321)
2026-04-29 https://github.com/n8n-io/n8n GHSA-q5f4-99jv-pgg5
9.4
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch available
May 04, 2026 - 20:01 EUVD
Re-analysis Queued
May 04, 2026 - 19:22 vuln.today
cvss_changed
CVSS changed
May 04, 2026 - 19:22 NVD
10.0 (CRITICAL) 9.4 (CRITICAL)
Source Code Evidence Fetched
Apr 29, 2026 - 22:02 vuln.today
Analysis Generated
Apr 29, 2026 - 22:02 vuln.today
Analysis Generated
Apr 29, 2026 - 21:30 vuln.today
CVE Published
Apr 29, 2026 - 21:25 nvd
CRITICAL 10.0

DescriptionGitHub Advisory

Impact

A flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node's SSH operations, achieve remote code execution on the n8n host.

Patches

The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

AnalysisAI

Prototype pollution in n8n's XML webhook parser (xml2js library) enables remote code execution when chained with Git node SSH operations. Authenticated users with workflow editing permissions can inject malicious XML payloads to pollute JavaScript object prototypes, then leverage the polluted prototype in Git node operations to execute arbitrary code on the n8n host server. GitHub advisory GHSA-q5f4-99jv-pgg5 confirms patches available in versions 1.123.32, 2.17.4, and 2.18.1. No CISA KEV listing or public POC identified at time of analysis, but the CVSS 10.0 score appears inconsistent with the authenticated (PR:L expected) nature described in the advisory.

Technical ContextAI

This vulnerability exploits a prototype pollution flaw in the xml2js library, a popular Node.js XML-to-JavaScript object parser used by n8n to process XML payloads in webhook requests. Prototype pollution (CWE-1321) occurs when an attacker can inject properties into JavaScript's Object.prototype, affecting all objects in the application. The vulnerability chains this pollution with n8n's Git node, which performs SSH operations. By polluting prototypes with SSH-related properties, an attacker can influence the Git node's command construction or configuration, ultimately achieving arbitrary command execution. The affected package is the n8n npm package across multiple version branches: all versions before 1.123.32, versions 2.17.0-2.17.3, and version 2.18.0. n8n is a workflow automation platform that executes user-defined workflows containing various integration nodes.

RemediationAI

Upgrade n8n to version 1.123.32 (for 1.x deployments), 2.17.4 (for 2.17.x deployments), or 2.18.1 (for 2.18.x deployments) as specified in the vendor advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-q5f4-99jv-pgg5. For npm-based installations, run npm update n8n and restart the n8n service. Docker users should pull the latest patched image tags. If immediate patching is not feasible, implement the vendor-recommended temporary mitigation by restricting workflow creation and editing permissions exclusively to fully trusted administrators through n8n's role-based access control settings. Note this workaround has trade-offs: it reduces operational flexibility and does not protect against malicious or compromised trusted users. Review existing workflows for suspicious Git node configurations as a precautionary measure. Organizations using n8n Cloud should verify automatic patching status with the vendor. The vendor explicitly states the workaround does not fully remediate risk and should only be used short-term.

CVE-2026-34621 HIGH POC
8.6 Apr 11

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu

CVE-2024-56059 CRITICAL
9.8 Dec 18

Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau

CVE-2020-28271 CRITICAL POC
9.8 Nov 12

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service

CVE-2023-38894 CRITICAL POC
9.8 Aug 16

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi

CVE-2024-24292 CRITICAL POC
9.8 Mar 28

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function

CVE-2023-26121 CRITICAL POC
10.0 Apr 11

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s

CVE-2021-23449 CRITICAL POC
10.0 Oct 18

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr

CVE-2024-39011 CRITICAL POC
9.8 Jul 30

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser

CVE-2024-38988 CRITICAL POC
9.8 Mar 28

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde

CVE-2025-57347 CRITICAL POC
9.8 Sep 24

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf

CVE-2025-57321 CRITICAL POC
9.8 Sep 24

A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all

CVE-2024-45435 CRITICAL POC
9.8 Aug 29

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this

Share

CVE-2026-42231 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy