Skip to main content

n8n EUVDEUVD-2026-38474

| CVE-2026-54306 MEDIUM
Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321)
2026-06-16 https://github.com/n8n-io/n8n GHSA-2vff-hj5x-8gq7
6.3
CVSS 4.0 · Vendor: https://github.com/n8n-io/n8n
Share

Severity by source

Vendor (https://github.com/n8n-io/n8n) PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Public webhook requires no auth (AV:N, PR:N) but specific workflow topology required (AC:H); S:C captures confused-deputy projection onto external credential-authenticated targets.

3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (https://github.com/n8n-io/n8n).

CVSS VectorVendor: https://github.com/n8n-io/n8n

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
Jun 23, 2026 - 18:22 NVD
5.4 (MEDIUM) 6.3 (MEDIUM)
Source Code Evidence Fetched
Jun 16, 2026 - 19:55 vuln.today
Analysis Generated
Jun 16, 2026 - 19:55 vuln.today

DescriptionCVE.org

Impact

A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes.

Where a workflow combines a public webhook with action nodes that consume the resulting fields, an attacker could cause the workflow to act as a confused deputy - targeting unintended records or issuing outbound requests using the workflow owner's configured credentials.

Patches

The issue has been fixed in n8n versions 2.25.7, and 2.26.2. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Avoid exposing public (unauthenticated) webhook workflows that pass incoming data through transform nodes into action nodes with sensitive credentials or database operations.
  • Limit workflow creation and editing permissions to fully trusted users only.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

AnalysisAI

Prototype pollution in n8n's internal webhook object-copying routine enables unauthenticated network attackers to inject attacker-controlled fields into workflow execution data, turning affected workflows into confused deputies that abuse the workflow owner's stored credentials. Affected npm package versions span all n8n releases below 2.25.7 and the 2.26.0-2.26.1 range; vendor-confirmed patches are available. Exploitation is constrained by a specific workflow topology requirement, but where that topology exists the impact extends beyond n8n itself to external systems reachable via the owner's configured credentials - a scope change that the CVSS S:C metric appropriately captures. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Technical ContextAI

n8n is a Node.js workflow automation platform distributed as pkg:npm/n8n. The vulnerable code path lies in the internal object-copying routine that ingests and propagates incoming webhook payload data between workflow nodes. CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes - 'Prototype Pollution') describes the root cause: when a JSON body containing keys such as __proto__ or constructor.prototype is merged or cloned without sanitization, attacker-supplied properties contaminate the shared JavaScript Object prototype, causing them to appear as enumerable properties on all downstream objects within the same runtime context. In n8n's execution model, this means injected keys surface as legitimate workflow field values when built-in action nodes (database connectors, HTTP request nodes, cloud-service integrations) read from the workflow's data object. The pollution occurs at the boundary where the public webhook receives external input and copies it into the internal workflow data graph, before any node-level data validation runs.

RemediationAI

Upgrade n8n to version 2.25.7 or 2.26.2 (or any later release) as detailed in the vendor's GitHub Security Advisory GHSA-2vff-hj5x-8gq7 (https://github.com/n8n-io/n8n/security/advisories/GHSA-2vff-hj5x-8gq7); these are the vendor-confirmed patch versions. If an immediate upgrade is not operationally feasible, the vendor explicitly endorses two interim mitigations, both with acknowledged limitations. First, disable or restructure any public (unauthenticated) webhook workflows that route incoming payload data through transform nodes into action nodes configured with sensitive stored credentials or database write permissions - this directly eliminates the confused-deputy attack surface but reduces automation capability for those specific workflows. Second, restrict workflow creation and editing permissions to fully trusted users only, preventing introduction of new vulnerable workflow topologies; note this does not protect already-published public webhook workflows and does not substitute for patching. The vendor explicitly states these workarounds are incomplete and intended only as short-term measures pending upgrade.

CVE-2026-34621 HIGH POC
8.6 Apr 11

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu

CVE-2024-56059 CRITICAL
9.8 Dec 18

Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau

CVE-2020-28271 CRITICAL POC
9.8 Nov 12

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service

CVE-2023-38894 CRITICAL POC
9.8 Aug 16

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi

CVE-2024-24292 CRITICAL POC
9.8 Mar 28

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function

CVE-2023-26121 CRITICAL POC
10.0 Apr 11

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s

CVE-2021-23449 CRITICAL POC
10.0 Oct 18

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr

CVE-2024-39011 CRITICAL POC
9.8 Jul 30

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser

CVE-2024-38988 CRITICAL POC
9.8 Mar 28

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde

CVE-2025-57347 CRITICAL POC
9.8 Sep 24

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf

CVE-2025-57321 CRITICAL POC
9.8 Sep 24

A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all

CVE-2024-45435 CRITICAL POC
9.8 Aug 29

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this

Share

EUVD-2026-38474 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy