Skip to main content

n8n EUVDEUVD-2026-38485

| CVE-2026-44791 CRITICAL
Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321)
2026-05-14 https://github.com/n8n-io/n8n GHSA-wrwr-h859-xh2r
9.4
CVSS 4.0 · Vendor: https://github.com/n8n-io/n8n
Share

Severity by source

Vendor (https://github.com/n8n-io/n8n) PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.9 CRITICAL

Network-reachable web UI/API (AV:N), reliable prototype pollution chain (AC:L), requires workflow-editor account (PR:L), no second-user interaction (UI:N), RCE on host changes scope (S:C) with full CIA impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (https://github.com/n8n-io/n8n).

CVSS VectorVendor: https://github.com/n8n-io/n8n

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
Jun 23, 2026 - 18:30 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 23, 2026 - 18:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 23, 2026 - 18:22 vuln.today
cvss_changed
CVSS changed
Jun 23, 2026 - 18:22 NVD
9.4 (CRITICAL)
Source Code Evidence Fetched
May 14, 2026 - 17:02 vuln.today
Analysis Generated
May 14, 2026 - 17:02 vuln.today
CVE Published
May 14, 2026 - 16:17 nvd
CRITICAL

DescriptionCVE.org

Impact

An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host.

Patches

The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only.
  • Disable the XML node by adding n8n-nodes-base.xml to the NODES_EXCLUDE environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

--- n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AnalysisAI

Remote code execution in n8n workflow automation platform is possible via a prototype pollution patch bypass in the XML node, affecting versions prior to 1.123.43, 2.20.7, and 2.22.1. Authenticated users with workflow creation or modification permissions can bypass the prior fix for GHSA-hqr4-h3xv-9m3r and, by chaining the XML node with other nodes, achieve code execution on the n8n host. No public exploit identified at time of analysis, though EPSS is low (0.05%) suggesting limited near-term mass exploitation despite the high CVSS 4.0 score of 9.4.

Technical ContextAI

n8n is a popular open-source workflow automation platform distributed as the npm package n8n. The flaw is classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes, i.e. Prototype Pollution), a JavaScript-specific class of bug where attacker-controlled keys reach Object.prototype and pollute properties inherited by every object in the runtime. The vulnerability lives in n8n's built-in XML node (n8n-nodes-base.xml), which parses untrusted XML into JavaScript objects; an earlier patch for GHSA-hqr4-h3xv-9m3r blocked one pollution path, and this CVE represents an incomplete-fix bypass of that mitigation. Because n8n executes workflow logic in Node.js, polluted prototype properties can influence the behavior of subsequent nodes in the same workflow, which is how the bypass is escalated to remote code execution on the host process.

RemediationAI

Vendor-released patch: upgrade to n8n 1.123.43, 2.20.7, or 2.22.1 (or any later release on those lines) as documented in advisory https://github.com/n8n-io/n8n/security/advisories/GHSA-wrwr-h859-xh2r. If immediate upgrade is not possible, restrict workflow create/edit permissions to a small set of fully trusted operators via n8n's RBAC, which removes the low-privilege attacker pool but breaks delegated workflow authoring and self-service automation use cases. As a second compensating control, disable the XML node entirely by adding n8n-nodes-base.xml to the NODES_EXCLUDE environment variable and restarting the instance; the trade-off is that any existing workflows depending on XML parsing will fail until refactored to use an alternative parser node. The vendor explicitly states these workarounds do not fully remediate the risk and should be treated as short-term mitigations only.

CVE-2026-34621 HIGH POC
8.6 Apr 11

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu

CVE-2024-56059 CRITICAL
9.8 Dec 18

Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau

CVE-2020-28271 CRITICAL POC
9.8 Nov 12

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service

CVE-2023-38894 CRITICAL POC
9.8 Aug 16

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi

CVE-2024-24292 CRITICAL POC
9.8 Mar 28

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function

CVE-2023-26121 CRITICAL POC
10.0 Apr 11

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s

CVE-2021-23449 CRITICAL POC
10.0 Oct 18

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr

CVE-2024-39011 CRITICAL POC
9.8 Jul 30

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser

CVE-2024-38988 CRITICAL POC
9.8 Mar 28

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde

CVE-2025-57347 CRITICAL POC
9.8 Sep 24

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf

CVE-2025-57321 CRITICAL POC
9.8 Sep 24

A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all

CVE-2024-45435 CRITICAL POC
9.8 Aug 29

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this

Share

EUVD-2026-38485 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy