CVE-2026-42232— n8n: XML Node Prototype Pollution to RCE
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42232
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
n8n: XML Node Prototype Pollution to RCE
Source: NVD (National Vulnerability Database)
Vulnerability Description
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1321
Source: NVD (National Vulnerability Database)
Vulnerability Title
n8n 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.123.32之前版本、2.17.4之前版本和2.18.1之前版本存在安全漏洞,该漏洞源于XML节点导致全局原型污染,可能导致经过身份验证的用户结合其他节点利用原型污染实现远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-42232
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42232
请登录查看更多情报信息。
- XML Node Prototype Pollution to RCE · Advisory · n8n-io/n8n · GitHubx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-42232
Same Patch Batch · n8n-io · 2026-05-04 · 12 CVEs total
| CVE-2026-42233 | n8n: SQL Injection in Oracle Database Node via Limit Field | |
| CVE-2026-42229 | n8n: SQL Injection in SeaTable Node | |
| CVE-2026-42228 | n8n: Hijacking of Unauthenticated Chat Execution | |
| CVE-2026-42235 | n8n: XSS via MCP OAuth client | |
| CVE-2026-42236 | n8n: Unauthenticated Denial of Service via MCP Client Registration | |
| CVE-2026-42237 | n8n: SQL Injection in Snowflake and MySQL Nodes | |
| CVE-2026-42226 | n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Rep | |
| CVE-2026-42230 | n8n: Open Redirect in MCP OAuth Consent Flow | |
| CVE-2026-42234 | n8n: Python Task Runner Sandbox Escape | |
| CVE-2026-42227 | n8n: Public API Variables IDOR Allows Cross-Project Secret Disclosure | |
| CVE-2026-42231 | n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE |
IV. Related Vulnerabilities
Same product: n8n
- CVE-2026-42237
n8n: SQL Injection in Snowflake and MySQL Nodes - CVE-2026-42236
n8n: Unauthenticated Denial of Service via MCP Client Regist - CVE-2026-42235
n8n: XSS via MCP OAuth client - CVE-2026-42234
n8n: Python Task Runner Sandbox Escape - CVE-2026-42233
n8n: SQL Injection in Oracle Database Node via Limit Field
Same vendor: n8n-io
- CVE-2026-42237
n8n: SQL Injection in Snowflake and MySQL Nodes - CVE-2026-42236
n8n: Unauthenticated Denial of Service via MCP Client Regist - CVE-2026-42235
n8n: XSS via MCP OAuth client - CVE-2026-42234
n8n: Python Task Runner Sandbox Escape - CVE-2026-42233
n8n: SQL Injection in Oracle Database Node via Limit Field
Same weakness: CWE-1321
- CVE-2026-42264
Axios: Prototype pollution read-side gadgets in HTTP adapter - CVE-2026-42231
n8n: Prototype Pollution in XML Webhook Body Parser Leads to - CVE-2026-42077
Evolver: Prototype Pollution via `Object.assign()` in mailbo - CVE-2026-42033
Axios: Prototype Pollution Gadgets - Response Tampering, Dat - CVE-2026-6621
1024bit extend-deep index.js prototype pollution
V. Comments for CVE-2026-42232
No comments yet