4 matches found
CVE-2026-54306 n8n: Prototype Pollution enables confused-deputy execution via public webhooks
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as norma...
n8n: Prototype Pollution enables confused-deputy execution via public webhooks
Impact A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes. Where a workflow combines a public...
NPM: n8n: Prototype Pollution enables confused-deputy execution via public webhooks
NPM: n8n: Prototype Pollution enables confused-deputy execution via public webhooks vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...
PT-2026-50180
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...