CVE-2026-42232

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:n8n:n8n:::::enterprise:node.js::
	cpe:2.3:a:n8n:n8n:::::enterprise:node.js::
	cpe:2.3:a:n8n:n8n:2.18.0::::enterprise:node.js::*

History

06 May 2026, 17:15

Type	Values Removed	Values Added
First Time		N8n n8n N8n
CPE		cpe:2.3:a:n8n:n8n:2.18.0::::enterprise:node.js::* cpe:2.3:a:n8n:n8n:::::enterprise:node.js::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
References	~~() https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r -~~	() https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r - Vendor Advisory

04 May 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-04 19:16

Updated : 2026-05-06 17:15

NVD link : CVE-2026-42232

Mitre link : CVE-2026-42232

CVE.ORG link : CVE-2026-42232

JSON object : View

Products Affected

n8n

n8n

CWE

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

{"id": "CVE-2026-42232", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-05-04T19:16:05.610", "references": [{"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1321"}]}], "descriptions": [{"lang": "en", "value": "n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1."}], "lastModified": "2026-05-06T17:15:28.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*", "vulnerable": true, "matchCriteriaId": "A074B1B0-1C40-4969-A3D2-F4E86B4BAED3", "versionEndExcluding": "1.123.32"}, {"criteria": "cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*", "vulnerable": true, "matchCriteriaId": "F00CA27A-4FD7-45A8-BE8D-DABFAD902806", "versionEndExcluding": "2.17.4", "versionStartIncluding": "2.17.0"}, {"criteria": "cpe:2.3:a:n8n:n8n:2.18.0:*:*:*:enterprise:node.js:*:*", "vulnerable": true, "matchCriteriaId": "D4858098-0175-4680-B6C9-C19CEB451DBA"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}