CVE-2026-42232

EUVD-2026-27104
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Prototype Pollution
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
n8nn8n
𝑥
< 1.123.32
n8nn8n
2.17.0 ≤
𝑥
< 2.17.4
n8nn8n
2.18.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r