
n8n CVE-2026-54312

Severity: HIGH (CVSS 3.1 base score 8.5, rated by GitHub Advisory)
Weakness: Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321)
Published: 2026-06-16
Project: https://github.com/n8n-io/n8n
Advisory: GHSA-x6p3-m6h9-fx7r

Severity by source

GitHub Advisory (primary): 8.5 HIGH, AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
vuln.today AI: 8.5 HIGH

Network-reachable n8n UI/API (AV:N), low-complexity payload (AC:L), requires an authenticated user with workflow-edit rights (PR:L), no user interaction (UI:N); the prototype pollution crosses component scope (S:C), causing high availability impact and minor integrity impact, with no confidentiality loss.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H

Primary rating from GitHub Advisory.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: High

Lifecycle Timeline

Source Code Evidence Fetched: Jun 17, 2026 - 00:09 (vuln.today)
Analysis Generated: Jun 17, 2026 - 00:09 (vuln.today)
CVE Published: Jun 16, 2026 - 22:38 (github-advisory)

Description (GitHub Advisory)

Impact

An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype process-wide for the lifetime of the n8n server process, causing application-wide validation failures and rendering the n8n instance completely non-functional until restarted.
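The process-wide effect described above (a user-controlled key reaching Object.prototype, after which every plain object in the Node.js process inherits the injected property) is shown in the self-contained JavaScript illustration below. It is added for this page and is not n8n's code: the advisory does not detail how the Microsoft SQL node handles the table parameter, so the vulnerable pattern here is a generic key-path setter, and the names setPathUnsafe, setPathSafe, isObjectPrototypePolluted and demonstrate are hypothetical. It also shows the hardened form of the setter and a cheap probe an operator can use as a health check to detect that the shared prototype has already been polluted.

```javascript
// Added illustration (not n8n code): how a generic key-path setter that trusts
// user-supplied segments can write into Object.prototype, a hardened variant,
// and a probe an operator can use to detect that pollution has already happened.
// Function names are hypothetical; the n8n node's real code is not reproduced.

// Vulnerable pattern: walks a dotted path and creates intermediate objects.
// When a segment is "__proto__", cur["__proto__"] resolves to Object.prototype,
// so the final assignment lands on the shared prototype of every plain object.
function setPathUnsafe(target, path, value) {
  const parts = path.split('.');
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    if (typeof cur[parts[i]] !== 'object' || cur[parts[i]] === null) {
      cur[parts[i]] = {};
    }
    cur = cur[parts[i]];
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}

// Hardened variant: reject the segments that reach prototypes, only descend
// into own properties, and create intermediates without a prototype at all.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'prototype', 'constructor']);

function setPathSafe(target, path, value) {
  const parts = path.split('.');
  for (const p of parts) {
    if (FORBIDDEN_SEGMENTS.has(p)) {
      throw new Error(`rejected key segment: ${p}`);
    }
  }
  let cur = target;
  for (let i = 0; i < parts.length - 1; i++) {
    const own = Object.prototype.hasOwnProperty.call(cur, parts[i]);
    if (!own || typeof cur[parts[i]] !== 'object' || cur[parts[i]] === null) {
      cur[parts[i]] = Object.create(null); // no prototype chain to walk onto
    }
    cur = cur[parts[i]];
  }
  cur[parts[parts.length - 1]] = value;
  return target;
}

// Detection probe: assignment-based pollution adds enumerable own properties to
// Object.prototype, which normally has none. Cheap enough for a health check
// that a supervisor can poll and use to trigger the restart the advisory mentions.
function isObjectPrototypePolluted() {
  return Object.keys(Object.prototype).length > 0;
}

// Walks through the scenario in-process and restores the prototype afterwards.
function demonstrate() {
  const before = isObjectPrototypePolluted();
  setPathUnsafe({}, '__proto__.polluted', 'yes');
  const during = isObjectPrototypePolluted();
  const leaked = {}.polluted;            // an unrelated object now "has" the key
  delete Object.prototype.polluted;      // clean up so the process is usable again
  let rejected = false;
  try {
    setPathSafe({}, '__proto__.polluted', 'yes');
  } catch (e) {
    rejected = true;
  }
  const after = isObjectPrototypePolluted();
  return { before, during, leaked, rejected, after };
}

console.log(demonstrate());
```

The probe only catches pollution that adds enumerable properties, which is what plain assignment produces; it will not see a property defined with Object.defineProperty as non-enumerable, so it is a cheap first signal rather than a complete check. Creating intermediates with Object.create(null) is the same idea behind null-prototype maps for any object keyed by untrusted strings.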

Patches

The issue has been fixed in n8n version 2.24.0. Users should upgrade to this version or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only.
  • Disable the Microsoft SQL node by adding n8n-nodes-base.microsoftSql to the NODES_EXCLUDE environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Analysis (AI)

Denial of service in n8n workflow automation platform versions prior to 2.24.0 allows authenticated users with workflow creation/modification permissions to cause global prototype pollution via the Microsoft SQL node's table parameter. The pollution persists for the lifetime of the n8n server process, triggering application-wide validation failures that render the instance non-functional until a manual restart. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain n8n account with workflow-edit rights
Delivery: Create workflow with Microsoft SQL node
Exploit: Inject crafted prototype-polluting table parameter
Execution: Execute workflow to trigger node handler
Persist: Pollute Object.prototype process-wide
Impact: Application-wide validation failures cause denial of service

Vulnerability Assessment (AI)

Exploitation: Requires an authenticated n8n account with permission to create or modify workflows (consistent with CVSS PR:L), and the Microsoft SQL node (`n8n-nodes-base.microsoftSql`) must be available, i.e. not already excluded via `NODES_EXCLUDE`. …
Risk Assessment: The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H scores 8.5 (High), driven primarily by the scope change (S:C) and high availability impact (A:H), consistent with a single workflow corrupting the entire shared Node.js process. …
Exploit Scenario: An attacker with a low-privileged n8n account that has workflow-edit rights (for example, a developer in a multi-tenant n8n deployment or a compromised collaborator account) creates or edits a workflow containing a Microsoft SQL node and supplies a crafted `table` parameter value designed to write into `Object.prototype`. Triggering the workflow once pollutes the prototype for the entire Node.js process, after which legitimate validation logic across the n8n server begins failing application-wide and the instance becomes unusable until an administrator restarts the process. …
Remediation: Vendor-released patch: n8n 2.24.0. Upgrade the npm `n8n` package to 2.24.0 or later as the primary remediation, per the GHSA-x6p3-m6h9-fx7r advisory. …

Recommended Action (AI)

Within 24 hours: Audit n8n instances to identify which authenticated users hold workflow creation or modification permissions. …

