Skip to main content

n8n CVE-2026-54306

| EUVDEUVD-2026-38474 MEDIUM
Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321)
2026-06-16 https://github.com/n8n-io/n8n GHSA-2vff-hj5x-8gq7
6.3
CVSS 4.0 · Vendor: https://github.com/n8n-io/n8n
Share

Severity by source

Vendor (https://github.com/n8n-io/n8n) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Public webhook requires no auth (AV:N, PR:N) but specific workflow topology required (AC:H); S:C captures confused-deputy projection onto external credential-authenticated targets.

3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (https://github.com/n8n-io/n8n).

CVSS VectorVendor: https://github.com/n8n-io/n8n

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
Jun 23, 2026 - 18:22 NVD
5.4 (MEDIUM) 6.3 (MEDIUM)
Source Code Evidence Fetched
Jun 16, 2026 - 19:55 vuln.today
Analysis Generated
Jun 16, 2026 - 19:55 vuln.today

DescriptionCVE.org

Impact

A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes.

Where a workflow combines a public webhook with action nodes that consume the resulting fields, an attacker could cause the workflow to act as a confused deputy - targeting unintended records or issuing outbound requests using the workflow owner's configured credentials.

Patches

The issue has been fixed in n8n versions 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Avoid exposing public (unauthenticated) webhook workflows that pass incoming data through transform nodes into action nodes with sensitive credentials or database operations.
  • Limit workflow creation and editing permissions to fully trusted users only.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

AnalysisAI

Prototype pollution in n8n's internal webhook object-copying routine enables unauthenticated network attackers to inject attacker-controlled fields into workflow execution data, turning affected workflows into confused deputies that abuse the workflow owner's stored credentials. Affected npm package versions span all n8n releases below 2.25.7 and the 2.26.0-2.26.1 range; vendor-confirmed patches are available. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Enumerate public n8n webhook endpoint URL
Delivery
Craft JSON payload with __proto__ or constructor.prototype pollution keys
Exploit
Submit unauthenticated POST to public webhook endpoint
Execution
Internal object-copy routine propagates polluted fields into workflow data context
Persist
Downstream action node reads injected field as legitimate workflow value
Impact
Workflow issues authenticated request to attacker-chosen unintended target using owner credentials

Vulnerability AssessmentAI

Exploitation Exploitation requires two simultaneous conditions to be met. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.4 with vector AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N accurately encodes the dual nature of this vulnerability: it is network-reachable with no authentication barrier against the webhook endpoint (AV:N, PR:N), yet requires High Attack Complexity (AC:H) because exploitation is only possible against workflows that combine a public webhook with transform and credential-bearing action nodes in a specific topology. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies a publicly accessible n8n webhook URL - discoverable via DNS enumeration, web crawling, or workflow-sharing platforms - whose connected workflow routes incoming data through a transform node into an action node configured with the owner's stored database or API credentials. The attacker submits a crafted POST body such as {"__proto__": {"recordId": "victim-record-id"}} to the unauthenticated endpoint; during internal object copying, the polluted key materializes as a legitimate workflow field, causing the downstream action node to target an unintended record using the owner's authenticated session. …
Remediation Upgrade n8n to version 2.25.7 or 2.26.2 (or any later release) as detailed in the vendor's GitHub Security Advisory GHSA-2vff-hj5x-8gq7 (https://github.com/n8n-io/n8n/security/advisories/GHSA-2vff-hj5x-8gq7); these are the vendor-confirmed patch versions. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-34621 HIGH POC
8.6 Apr 11

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu

CVE-2024-56059 CRITICAL
9.8 Dec 18

Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau

CVE-2020-28271 CRITICAL POC
9.8 Nov 12

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service

CVE-2023-38894 CRITICAL POC
9.8 Aug 16

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi

CVE-2024-24292 CRITICAL POC
9.8 Mar 28

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function

CVE-2023-26121 CRITICAL POC
10.0 Apr 11

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s

CVE-2021-23449 CRITICAL POC
10.0 Oct 18

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr

CVE-2024-39011 CRITICAL POC
9.8 Jul 30

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser

CVE-2024-38988 CRITICAL POC
9.8 Mar 28

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde

CVE-2025-57347 CRITICAL POC
9.8 Sep 24

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf

CVE-2025-57321 CRITICAL POC
9.8 Sep 24

A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all

CVE-2024-45435 CRITICAL POC
9.8 Aug 29

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this

Share

CVE-2026-54306 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy