Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/23 3:43 p.m.45 views

CVE-2026-54306 n8n: Prototype Pollution enables confused-deputy execution via public webhooks

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as norma...

6.3CVSS0.00259EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/16 7:0 p.m.8 views

n8n: Prototype Pollution enables confused-deputy execution via public webhooks

Impact A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes. Where a workflow combines a public...

6.4CVSS5.4AI score0.00259EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/16 7:0 p.m.6 views

NPM: n8n: Prototype Pollution enables confused-deputy execution via public webhooks

NPM: n8n: Prototype Pollution enables confused-deputy execution via public webhooks vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...

6.4CVSS6AI score0.00259EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-50180

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...

7.5CVSS5.9AI score0.00375EPSS
Exploits0References6
Rows per page
Query Builder