Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable HTTP UI with low-privileged workflow-editor account (PR:L); AC:H because full RCE requires chaining a separate gadget per vendor; scope unchanged as impact stays within the n8n process.
Primary rating from Vendor (https://github.com/n8n-io/n8n).
CVSS VectorVendor: https://github.com/n8n-io/n8n
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
Impact
An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance.
Patches
The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability.
Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the HTTP Request node by adding
n8n-nodes-base.httpRequestto theNODES_EXCLUDEenvironment variable.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
--- n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AnalysisAI
Prototype pollution leading to remote code execution in n8n workflow automation platform allows authenticated users with workflow create/modify permissions to corrupt the global Object prototype via an unvalidated pagination parameter in the HTTP Request node. Affecting n8n versions before 1.123.43, 2.20.7, and 2.22.1, the flaw chains with other techniques to escalate to full instance compromise. No public exploit identified at time of analysis, with EPSS at 0.05% (16th percentile) indicating low observed exploitation interest despite CVSS 4.0 9.4 critical rating.
Technical ContextAI
n8n is a popular open-source workflow automation platform (fair-code licensed) built on Node.js, allowing users to chain HTTP requests, webhooks, and integrations into automation pipelines. The root cause is CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes - 'Prototype Pollution'), a JavaScript-specific class of bug where attacker-controlled keys (e.g., '__proto__', 'constructor.prototype') are merged into objects without filtering, mutating the global Object prototype and affecting all subsequent object lookups across the process. The vulnerable input path is the pagination parameter handling of the n8n-nodes-base.httpRequest node, where user-supplied data is processed without key sanitization. In Node.js environments, prototype pollution frequently chains into RCE via gadgets such as polluted child_process options, template engines, or library configuration objects - the advisory explicitly notes 'combined with other techniques this could lead to RCE'. Affected CPE is pkg:npm/n8n across multiple release lines (1.x and 2.x).
RemediationAI
Vendor-released patch: upgrade to n8n 1.123.43, 2.20.7, or 2.22.1 (or later) per the version branch in use, as documented in the GitHub Security Advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-c8xv-5998-g76h. If immediate upgrade is not possible, restrict workflow create and edit permissions to fully trusted operators only via n8n's role-based access controls - this directly removes the attacker prerequisite but is operationally disruptive for teams that delegate workflow authoring widely. As a second compensating control, disable the HTTP Request node entirely by adding n8n-nodes-base.httpRequest to the NODES_EXCLUDE environment variable; this eliminates the vulnerable code path but breaks any existing workflow that performs outbound HTTP calls, which is a core n8n use case and will likely halt many production automations. The vendor explicitly notes these workarounds do not fully remediate the risk.
More in Prototype Pollution
View allPrototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu
Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function
All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr
Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser
alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all
Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38483
GHSA-c8xv-5998-g76h