EUVD-2026-38485

🗓️ 23 Jun 2026 15:54:17Reported by EUVDType

Auth users could bypass patch for CVE 2026-42232 patch in XML node, enabling remote code execution; fixed.

Reporter	Title	Published	Views	Family All 28
ATTACKERKB	CVE-2026-42232	4 May 202618:34	–	attackerkb
Circl	CVE-2026-42232	4 May 202604:17	–	circl
Circl	CVE-2026-44791	20 May 202600:16	–	circl
CNNVD	n8n 安全漏洞	4 May 202600:00	–	cnnvd
CVE	CVE-2026-42232	4 May 202618:34	–	cve
CVE	CVE-2026-44791	23 Jun 202615:54	–	cve
Cvelist	CVE-2026-42232 n8n: XML Node Prototype Pollution to RCE	4 May 202618:34	–	cvelist
Cvelist	CVE-2026-44791 n8n: XML Node Prototype Pollution Patch Bypass	23 Jun 202615:54	–	cvelist
EUVD	EUVD-2026-27104	4 May 202618:34	–	euvd
Github Security Blog	n8n has XML Node Prototype Pollution that to RCE	29 Apr 202621:25	–	github

[
  {
    "enisaIdVendor": [
      {
        "id": "62175f3b-49d0-3092-b2e7-d76c04f8f120",
        "vendor": {
          "name": "n8n-io"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5fc9c946-7341-35ee-869e-cfe4e5add36f",
        "product": {
          "name": "n8n",
          "vendor": {
            "name": "n8n-io"
          }
        },
        "product_version": "< 1.123.43"
      },
      {
        "id": "926de9c9-05ad-36fb-ad0c-06e11b7a7d32",
        "product": {
          "name": "n8n",
          "vendor": {
            "name": "n8n-io"
          }
        },
        "product_version": "2.21.0, < 2.21.1"
      },
      {
        "id": "9943470d-678f-39fc-861d-9c43df7060c5",
        "product": {
          "name": "n8n",
          "vendor": {
            "name": "n8n-io"
          }
        },
        "product_version": "2.0.0-rc.0, < 2.20.7"
      }
    ]
  }
]

Source	Link
github	www.github.com/n8n-io/n8n/security/advisories/GHSA-wrwr-h859-xh2r

23 Jun 2026 17:13Current

6.1Medium risk

Vulners AI Score6.1

CVSS 49.4

CVSS 3.18.8

EPSS0.00478

SSVC