31 matches found
n8n Has an XML Node Prototype Pollution Patch Bypass
Impact An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users...
NPM: n8n Has an XML Node Prototype Pollution Patch Bypass
NPM: n8n Has an XML Node Prototype Pollution Patch Bypass vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...
GHSA-WRWR-H859-XH2R n8n Has an XML Node Prototype Pollution Patch Bypass
Impact An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users...
Prototype Pollution
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution in the Xml class, which implements an XML node. A user with permission to create or modify workflows can achieve remote code execution on the host system. Note: This is a bypass ...
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...
XMLDOM 安全漏洞
XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper validation or neutralization of the PI end sequence when...
CVE-2026-42232
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...
CVE-2026-42232 n8n: XML Node Prototype Pollution to RCE
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...
CVE-2026-42232
Summary: CVE-2026-42232 affects n8n, an open source workflow automation platform. An authenticated user with workflow-create/modify permissions could trigger a global prototype pollution vulnerability via the XML Node, potentially enabling remote code execution when combined with other nodes expl...
CVE-2026-42232 n8n: XML Node Prototype Pollution to RCE
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...
CVE-2026-42232
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...
EUVD-2026-27104
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...
n8n Node.js Package < 1.123.32 / 2.x < 2.17.4 / 2.18.x < 2.18.1 XML Node Prototype Pollution RCE (GHSA-hqr4-h3xv-9m3r)
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.32, 2.x prior to 2.17.4, or 2.18.x prior to 2.18.1. It is, therefore, affected by a remote code execution vulnerability: - An authorized user with workflow creation or modification capabilities can exploit...
n8n has XML Node Prototype Pollution that to RCE
Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. Patches The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Use...
Prototype Pollution
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the xml node. An attacker can execute arbitrary code by exploiting prototype pollution when creating or modifying workflows. Note: This is only exploitable if the attacker is...
GHSA-HQR4-H3XV-9M3R n8n has XML Node Prototype Pollution that to RCE
Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. Patches The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Use...
Prototype Pollution
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Prototype Pollution via the GSuiteAdmin node parameter. An attacker with permissions to create or modify workflows can execute arbitrary code by supplying crafted parameters that pollute...
EUVD-2026-15945
n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE...
CVE-2026-33696
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted parameters as part...
CVE-2026-33696 n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted parameters as part...