CVE-2026-42232

High

Published: 04 May 2026

Published

04 May 2026

Modified

06 May 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0013 31.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with…

other nodes exploiting the prototype pollution. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.

Security SummaryAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-1321

Affected Products

n8n

2.18.0 · ≤ 1.123.32 · 2.17.0 — 2.17.4

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-hqr4-h3xv-9m3r
Vendor Advisory · security-advisories@github.com