CVE-2026-42231 Overview
CVE-2026-42231 is a prototype pollution vulnerability in n8n, an open source workflow automation platform. The flaw resides in the xml2js library used by n8n's webhook handler to parse XML request bodies. An authenticated user with permission to create or modify workflows can submit a crafted XML payload that pollutes the JavaScript object prototype. By chaining this pollution with the Git node's SSH operations, an attacker can achieve remote code execution on the n8n host.
The issue is fixed in versions 1.123.32, 2.17.4, and 2.18.1. The weakness is tracked under [CWE-1321] (Improperly Controlled Modification of Object Prototype Attributes).
Critical Impact
Authenticated workflow editors can pollute the JavaScript prototype chain through crafted XML webhook payloads and pivot to remote code execution on the n8n host via Git node SSH operations.
Affected Products
- n8n versions prior to 1.123.32
- n8n versions prior to 2.17.4
- n8n version 2.18.0 and earlier in the 2.18.x branch
Discovery Timeline
- 2026-05-04 - CVE-2026-42231 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-42231
Vulnerability Analysis
The vulnerability arises from how n8n processes XML webhook request bodies. The webhook handler delegates XML parsing to the xml2js library, which converts XML attributes and elements into JavaScript object properties. When the parser encounters specially crafted keys such as __proto__, constructor, or prototype, it writes attacker-controlled values onto Object.prototype. Every JavaScript object in the running n8n process then inherits the polluted properties.
Property pollution alone does not yield code execution. The exploit chain leverages the n8n Git node, which performs SSH operations and reads configuration values from objects that fall back to inherited properties. By poisoning fields the Git node consumes during SSH command construction, an attacker influences process spawning logic and executes arbitrary commands on the n8n host.
Root Cause
The xml2js parser used by n8n did not strip or reject XML keys that map to dangerous prototype attributes. Combined with downstream consumers that trusted inherited object properties, the parser became a sink for [CWE-1321] prototype pollution.
Attack Vector
Exploitation requires network access to the n8n instance and an authenticated account with workflow create or modify permissions. The attacker sends an XML payload to a webhook endpoint backed by a workflow that parses XML input. Once the prototype is polluted, executing a workflow that uses the Git node triggers SSH operations under attacker-controlled parameters, resulting in remote code execution in the context of the n8n process.
No public proof-of-concept code is referenced in the advisory. Refer to the n8n GitHub Security Advisory GHSA-q5f4-99jv-pgg5 for vendor-provided technical context.
Detection Methods for CVE-2026-42231
Indicators of Compromise
- XML webhook payloads containing keys such as __proto__, constructor, or prototype reaching n8n endpoints.
- Unexpected child processes spawned by the n8n Node.js process, particularly ssh, git, or shell interpreters with anomalous arguments.
- Outbound SSH connections from the n8n host to destinations not present in legitimate workflow configurations.
- Modifications to workflows that introduce Git nodes shortly after webhook activity from low-privilege accounts.
Detection Strategies
- Inspect webhook request bodies for XML elements or attributes that match prototype pollution patterns and alert on matches.
- Correlate workflow creation or update events with subsequent Git node executions originating from the same user session.
- Baseline normal child process trees of the n8n service and flag deviations involving SSH or shell binaries.
Monitoring Recommendations
- Forward n8n application logs, audit logs, and host process telemetry to a centralized analytics platform for correlation.
- Track authenticated API calls that modify workflows, focusing on accounts with the workflow editor role.
- Monitor egress network flows from n8n hosts on TCP/22 and other SSH-related ports for unexpected destinations.
How to Mitigate CVE-2026-42231
Immediate Actions Required
- Upgrade n8n to 1.123.32, 2.17.4, or 2.18.1 depending on the deployed release branch.
- Audit all user accounts with workflow create or modify permissions and revoke access that is not required.
- Review recent workflow changes and webhook activity for indicators consistent with prototype pollution attempts.
- Rotate SSH keys and credentials accessible to the n8n host if compromise is suspected.
Patch Information
The vendor has released fixed builds. Apply version 1.123.32 for the 1.x line, 2.17.4 for the 2.17 line, or 2.18.1 for the 2.18 line. See the n8n GitHub Security Advisory GHSA-q5f4-99jv-pgg5 for the complete fix description.
Workarounds
- Restrict webhook endpoints to trusted networks using a reverse proxy or web application firewall until patching is complete.
- Filter inbound XML payloads at the proxy layer to drop requests containing __proto__, constructor, or prototype keys.
- Disable or remove Git node usage in workflows that are not strictly required to break the documented exploit chain.
- Enforce least-privilege role assignments so that only trusted users can create or edit workflows that handle XML input.
# Upgrade n8n via npm to a patched release
npm install -g n8n@2.18.1
# Or pull the patched Docker image
docker pull n8nio/n8n:2.18.1
docker stop n8n && docker rm n8n
docker run -d --name n8n -p 5678:5678 n8nio/n8n:2.18.1
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
