2 matches found
CVE-2026-44791 n8n: XML Node Prototype Pollution Patch Bypass
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This...
n8n has XML Node Prototype Pollution that to RCE
Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. Patches The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Use...