Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
Published: 2026-06-23
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

n8n is an open‑source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass a previously applied patch for CVE‑2026‑42232 in the XML node. This flaw allows a prototype‑pollution attack that can result in arbitrary code execution on the host when the malicious workflow is run alongside other nodes. The weakness is classified as CWE‑1321.

Affected Systems

The vulnerability affects the n8n workflow automation platform distributed by n8n-io. All releases older than 1.123.43, 2.22.1, and 2.20.7 are susceptible; those releases lack the critical patch that mitigates the XML node issue.

Risk and Exploitability

The CVSS score of 9.4 indicates the flaw is critical. An EPSS score is not available, so the probability of exploitation remains uncertain; however, the lack of a KEV listing does not diminish the risk. Based on the description, it is inferred that the attack vector is internal, requiring an authenticated session with workflow edit rights, after which the attacker can manipulate the XML node to inject malicious code and achieve remote code execution on the n8n host.

Generated by OpenCVE AI on June 24, 2026 at 11:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 1.123.43, 2.22.1, or 2.20.7 to install the fixed XML node implementation.
  • Restrict workflow creation and modification permissions so that only trusted users can edit workflows, reducing the opportunity for an attacker to exploit the prototype‑pollution flaw.
  • Disable the XML node in existing workflows or prevent XML node updates until the platform is patched, providing a temporary mitigation until the upgrade can be performed.

Generated by OpenCVE AI on June 24, 2026 at 11:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-wrwr-h859-xh2r n8n Has an XML Node Prototype Pollution Patch Bypass
History

Wed, 24 Jun 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Tue, 23 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
Title n8n: XML Node Prototype Pollution Patch Bypass
Weaknesses CWE-1321
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T17:13:43.642Z

Reserved: 2026-05-07T19:20:44.692Z

Link: CVE-2026-44791

cve-icon Vulnrichment

Updated: 2026-06-23T17:13:40.191Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:00:06Z

Weaknesses
  • CWE-1321

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')