CVE-2026-44791 n8n: XML Node Prototype Pollution Patch Bypass

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This...

n8n has XML Node Prototype Pollution that to RCE

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. Patches The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Use...

MAL-2025-134455 Malicious code in iwan-dodol34-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1681be4307645da493a0cd2fe2bf3e632a9fcd7e5876e107033e38f35ab61fc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-104818 Malicious code in kiki-tempe54-ruro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2452a0802785490f1b7d3a21e7f31cefb6ea8f16f72be0bf5aa28729acbf6dad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...