CVE-2026-42232
published 2026-05-04CVE-2026-42232: n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify…
PriorityP356high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.48%
37.7th percentile
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n8n-io | n8n | < 1.123.43 | 1.123.43 |
| n8n-io | n8n | — | — |
| n8n-io | n8n | — | — |
| n8n | n8n | < 1.123.43 | 1.123.43 |
| n8n | n8n | < 1.123.32 | 1.123.32 |
| n8n | n8n | — | — |
| n8n | n8n | >= 0 < 1.123.32 | 1.123.32 |
| n8n | n8n | >= 2.0.0 < 2.20.7 | 2.20.7 |
| n8n | n8n | >= 2.17.0 < 2.17.4 | 2.17.4 |
| n8n | n8n | >= 2.17.0 < 2.17.4 | 2.17.4 |
| n8n | n8n | >= 2.18.0 < 2.18.1 | 2.18.1 |
| n8n | n8n | >= 2.21.0 < 2.22.1 | 2.22.1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.4CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
n8n-io n8n up to 1.123.31/2.17.3/2.18.0 prototype pollution (GHSA-hqr4-h3xv-9m3r)
vuldb·2026-05-04·CVSS 9.4
CVE-2026-42232 [CRITICAL] n8n-io n8n up to 1.123.31/2.17.3/2.18.0 prototype pollution (GHSA-hqr4-h3xv-9m3r)
A vulnerability, which was classified as critical, was found in n8n-io n8n up to 1.123.31/2.17.3/2.18.0. This vulnerability affects unknown code. Such manipulation leads to improperly controlled modification of object prototype attributes.
This vulnerability is traded as CVE-2026-42232. The attack may be launched remotely. There is no exploit available.
You should upgrade the affected component.
GHSA
n8n has XML Node Prototype Pollution that to RCE
ghsa·2026-04-29
CVE-2026-42232 [CRITICAL] CWE-1321 n8n has XML Node Prototype Pollution that to RCE
n8n has XML Node Prototype Pollution that to RCE
## Impact
An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution.
## Patches
The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Users should upgrade to one of these versions or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable.
These workarounds do not fully remediate the risk and sho
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
blogs_hackernews·2026-05-18·CVSS 6.1
CVE-2026-42897 [MEDIUM] ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted.
The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production incident. AI is speeding up vulnerability discovery, attackers are moving quickly, and old exposure still keeps paying off.
Patch the quiet risks first. Let’s g
Hackernews
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
blogs_hackernews·2026-05-18·CVSS 9.8
CVE-2026-8043 [CRITICAL] Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code.
Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks.
"External control of a file name in Ivanti Xtraction before version 2026.2 allows a remote authenticated attacker to read sensitive files and write arbitrary HTML files to a web
2026-05-04
Published