Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
Published: 2026-06-23
Score: 9.4 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

n8n, an open source workflow automation platform, is affected before versions 1.123.43, 2.22.1, and 2.20.7. An authenticated user with permission to create or modify workflows can bypass the patch that addressed CVE-2026-42232 in the XML node. By combining the XML node with other nodes, this bypass can lead to remote code execution on the host running n8n. The vulnerability is a prototype-pollution flaw (CWE-1321).

Affected Systems

The vulnerability affects the n8n workflow automation platform from n8n-io. Versions before 1.123.43, 2.22.1, and 2.20.7 are susceptible; these releases lack the critical patch that mitigates the XML node issue.

Risk and Exploitability

The CVSS 4.0 score of 9.4 rates this flaw as critical. No EPSS score is available and the flaw is not listed in KEV, but that does not lower the risk: the attack needs only an authenticated session with permission to create or modify workflows, after which the attacker can execute arbitrary code on the host. Exploitation would … editing interfaces, so the attack vector is effectively internal but still yields remote command execution.

Generated by OpenCVE AI on June 23, 2026 at 22:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 1.123.43, 2.22.1, or 2.20.7 to install the fixed XML node implementation.
  • Restrict workflow editing permissions so that only trusted users can create or modify workflows, reducing the likelihood of an attacker bypassing the patch.
  • Suspend the XML node in existing workflows, or block updates to XML nodes, until the platform is patched; this is a temporary workaround, not a substitute for upgrading.


Advisories
Source: GitHub GHSA
ID: GHSA-wrwr-h859-xh2r
Title: n8n Has an XML Node Prototype Pollution Patch Bypass
History

Tue, 23 Jun 2026 18:30:00 +0000

Type: Metrics (ssvc)
Values removed: none
Values added:
  {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 16:45:00 +0000

Type: Description
Values added: n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

Type: Title
Values added: n8n: XML Node Prototype Pollution Patch Bypass

Type: Weaknesses
Values added: CWE-1321

Type: References
Values added: none

Type: Metrics (cvssV4_0)
Values added:
  {'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T17:13:43.642Z

Reserved: 2026-05-07T19:20:44.692Z

Link: CVE-2026-44791

Vulnrichment

Updated: 2026-06-23T17:13:40.191Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T22:15:04Z

Weaknesses
  • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')