Impact
The vulnerability arises from the xml2js library used by n8n’s webhook handler, which permits a crafted XML payload to overwrite properties on the JavaScript Object prototype. This prototype pollution can then be leveraged through the Git node’s SSH functionality, allowing an attacker with the ability to create or edit workflows to execute arbitrary code on the n8n host. The flaw is a classic example of prototype pollution (CWE‑1321) that leads directly to remote code execution, offering full control over the affected system's files and processes.
Affected Systems
The affected product is the open‑source workflow automation platform n8n from n8n-io. Versions prior to 1.123.32, 2.17.4, and 2.18.1 are vulnerable. Users running an affected release should verify their current version and apply the appropriate update.
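A version check for the releases listed above, as an added example that is not part of the advisory or of n8n's own code. The fixed versions come from this page; the lower bound of each affected range, the function names and the sample host names are assumptions.

```javascript
// Fixed releases come from the advisory; the "introduced" lower bounds are
// assumptions about how the three release lines are split.
const AFFECTED_RANGES = [
  { introduced: "0.0.0", fixed: "1.123.32" }, // 1.x line and older
  { introduced: "2.0.0", fixed: "2.17.4" },   // 2.x up to the 2.17 line
  { introduced: "2.18.0", fixed: "2.18.1" },  // 2.18 line
];

// Parse "1.2.3" or "v1.2.3"; anything else (tags, pre-releases) is rejected
// so it gets reviewed by hand instead of being silently treated as patched.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable n8n version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function checkN8nVersion(version) {
  const v = parseVersion(version);
  for (const range of AFFECTED_RANGES) {
    const [lo, hi] = [range.introduced, range.fixed].map(parseVersion);
    if (compareVersions(v, lo) >= 0 && compareVersions(v, hi) < 0) {
      return { version, vulnerable: true, upgradeTo: range.fixed };
    }
  }
  return { version, vulnerable: false, upgradeTo: null };
}

// Audit a host inventory; vulnerable === null means "could not decide".
function auditInventory(hosts) {
  return hosts.map(({ host, version }) => {
    try {
      return { host, ...checkN8nVersion(version) };
    } catch (err) {
      return { host, version, vulnerable: null, upgradeTo: null, note: err.message };
    }
  });
}

// Constructed sample inventory (hypothetical host names).
const sample = [
  { host: "automation-01", version: "1.123.31" },
  { host: "automation-02", version: "2.18.1" },
  { host: "automation-03", version: "latest" },
];
console.table(auditInventory(sample));
```

Entries with `vulnerable: null` (floating tags such as `latest`, pre-release builds) need the running version resolved by hand before they can be cleared.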
Risk and Exploitability
The CVSS score of 9.4 indicates critical severity. Although the EPSS score is not available, the flaw requires an authenticated user with workflow modification rights, a privilege many operational deployments provide. An attacker could send a malicious XML payload to an accessible webhook endpoint, then chain the prototype pollution into the Git node to perform unauthorized SSH operations and run code on the host. Given the high CVSS score and the authentication requirement, the likelihood of exploitation remains significant in environments where internal users can modify workflows.