Description
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node's SSH operations, achieve remote code execution on the n8n host. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Published: 2026-05-04
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from the xml2js library used by n8n’s webhook handler, which permits a crafted XML payload to overwrite properties on the JavaScript Object prototype. This prototype pollution can then be leveraged through the Git node’s SSH functionality, allowing an attacker with the ability to create or edit workflows to execute arbitrary code on the n8n host. The flaw is a classic example of prototype pollution (CWE‑1321) that leads directly to remote code execution, offering full control over the affected system's files and processes.

Affected Systems

The affected product is the open‑source workflow automation platform n8n from n8n-io. Versions prior to 1.123.32, 2.17.4, and 2.18.1 are vulnerable. Users running any of these releases should verify their current version and apply the appropriate update.

Risk and Exploitability

The CVSS score of 9.4 indicates critical severity. Although the EPSS score is not available, the flaw requires an authenticated user with workflow modification rights, a privilege many operational deployments provide. An attacker could send a malicious XML payload to an accessible webhook endpoint, then chain the prototype pollution into the Git node to perform unauthorized SSH operations and run code on the host. Given the high CVSS and the authenticated requirement, the likelihood of exploitation remains significant in environments where internal users can modify workflows.

Generated by OpenCVE AI on May 4, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to at least version 1.123.32, 2.17.4, or 2.18.1, which contain a fix for the xml2js prototype pollution.
  • Prior to deploying the patch, restrict webhook endpoint access to only those authenticated users who truly need to create or modify workflows, thereby minimizing the attack surface.
  • If an immediate upgrade is not feasible, disable or remove XML body parsing for webhook requests or enforce strict validation that rejects payloads containing unexpected XML tags until the fix is applied.

Generated by OpenCVE AI on May 4, 2026 at 20:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-q5f4-99jv-pgg5 n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE
History

Wed, 06 May 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*
cpe:2.3:a:n8n:n8n:2.18.0:*:*:*:enterprise:node.js:*:*
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Tue, 05 May 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Mon, 04 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 19:00:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining the pollution with the Git node's SSH operations, achieve remote code execution on the n8n host. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Title n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE
Weaknesses CWE-1321
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

N8n N8n
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-05T03:56:35.371Z

Reserved: 2026-04-25T05:37:12.117Z

Link: CVE-2026-42231

cve-icon Vulnrichment

Updated: 2026-05-04T20:18:00.893Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-04T19:16:05.417

Modified: 2026-05-06T17:14:03.970

Link: CVE-2026-42231

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T21:45:15Z

Weaknesses