CVE-2026-42232 Overview
CVE-2026-42232 is a prototype pollution vulnerability in n8n, an open source workflow automation platform. The flaw resides in the XML Node component and allows an authenticated user with permissions to create or modify workflows to pollute the global JavaScript prototype chain. When chained with other nodes that consume the polluted properties, the issue escalates to remote code execution (RCE) on the n8n server. The vulnerability affects n8n versions prior to 1.123.32, 2.17.4, and 2.18.1. It is tracked under CWE-1321, Improperly Controlled Modification of Object Prototype Attributes.
Critical Impact
Authenticated workflow editors can achieve remote code execution on the n8n host, exposing credentials, secrets, and downstream automation targets.
Affected Products
- n8n versions prior to 1.123.32 (1.x release line)
- n8n versions prior to 2.17.4 (2.17.x release line)
- n8n versions prior to 2.18.1 (2.18.x release line, including 2.18.0)
Discovery Timeline
- 2026-05-04 - CVE-2026-42232 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-42232
Vulnerability Analysis
The vulnerability stems from how the XML Node parses untrusted input into JavaScript objects. The parser fails to sanitize keys such as __proto__, constructor, and prototype when converting XML structures into objects. An attacker who can author or edit a workflow can craft an XML payload that injects properties onto Object.prototype, affecting every object in the running Node.js process.
Property pollution alone does not yield code execution. However, n8n executes user-defined workflows that pass data through additional nodes, including those that perform template rendering, expression evaluation, or HTTP request construction. When a downstream node reads a property that the attacker injected through the prototype chain, the polluted value is interpreted as configuration or as an executable expression. This gadget chain converts the pollution primitive into RCE in the n8n worker process.
Root Cause
The root cause is unsafe recursive merging or assignment within the XML-to-object conversion routine. The parser does not block reserved keys, allowing controlled writes to Object.prototype. This matches CWE-1321.
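To make the root cause concrete, here is an added example (not n8n's code) of a naive recursive element-to-object merge of the kind described above, beside a hardened version that drops the reserved keys; the element tree is constructed inline in place of a real XML parser's output.

```javascript
// Added example, not n8n's code: naive recursive element-to-object merge beside a
// hardened one. The element tree is constructed inline; a real XML parser would produce it.
const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function el(name, ...children) { return { name, text: null, children }; }
function txt(name, text) { return { name, text, children: [] }; }

// Naive: element names become keys unfiltered. For a child named __proto__,
// target[c.name] resolves to Object.prototype, so the recursion writes into
// the shared prototype rather than into a fresh nested object.
function mergeNaive(target, node) {
  for (const c of node.children) {
    if (c.children.length === 0) { target[c.name] = c.text; continue; }
    if (typeof target[c.name] !== 'object' || target[c.name] === null) target[c.name] = {};
    mergeNaive(target[c.name], c);
  }
  return target;
}

// Hardened: reserved keys are dropped and reported, and only own properties of
// the target are reused, so no write can reach the prototype chain.
function mergeSafe(target, node, dropped = []) {
  for (const c of node.children) {
    if (RESERVED_KEYS.has(c.name)) { dropped.push(c.name); continue; }
    if (c.children.length === 0) { target[c.name] = c.text; continue; }
    const own = Object.hasOwn(target, c.name) && target[c.name] !== null;
    if (!own || typeof target[c.name] !== 'object') target[c.name] = {};
    mergeSafe(target[c.name], c, dropped);
  }
  return { result: target, dropped };
}

// Constructed tree for <root><__proto__><polluted>yes</polluted></__proto__><name>ok</name></root>
const HOSTILE = el('root', el('__proto__', txt('polluted', 'yes')), txt('name', 'ok'));

function runNaive() {
  mergeNaive({}, HOSTILE);
  const leaked = ({}).polluted;       // an unrelated object now sees the key
  delete Object.prototype.polluted;   // undo so the rest of the process stays clean
  return leaked;
}

function runSafe() {
  const { result, dropped } = mergeSafe({}, HOSTILE);
  return { leaked: ({}).polluted, name: result.name, dropped };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('naive leaks:', runNaive(), '| hardened:', runSafe());
}
```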
Attack Vector
The attack requires network access to the n8n instance and authenticated credentials with workflow create or modify permissions. The attacker submits a workflow that uses the XML Node to parse a crafted payload. Once executed, the polluted prototype affects subsequent node operations within the same Node.js process, enabling code execution under the n8n service account.
No public proof-of-concept code is available. Refer to the GitHub Security Advisory GHSA-hqr4-h3xv-9m3r for vendor-confirmed details.
Detection Methods for CVE-2026-42232
Indicators of Compromise
- Workflow definitions containing XML payloads with keys such as __proto__, constructor.prototype, or prototype passed to the XML Node.
- Unexpected child processes spawned by the n8n Node.js process, including sh, bash, curl, wget, or node -e invocations.
- Outbound network connections from the n8n host to unknown infrastructure shortly after workflow execution.
- New or modified workflows authored by accounts that do not normally edit automations.
Detection Strategies
- Audit workflow JSON exports for XML Node configurations referencing prototype-related keys.
- Inspect n8n execution logs for errors involving Object.prototype modification or unexpected property access.
- Monitor process trees for the n8n service to identify shell or interpreter spawns that deviate from baseline behavior.
- Correlate authentication events for workflow editors with subsequent execution anomalies on the host.
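The first two strategies can be automated over workflow exports. The following scanner is an added example, not part of the advisory or of n8n: it flags XML Node usage and searches node parameters and pinned data for prototype-related tag names. The XML Node type id, the export layout, and the sample workflow are assumptions constructed for the example.

```javascript
// Added example, not part of the advisory or of n8n: scan an n8n workflow JSON
// export for XML Node usage and for XML payloads carrying prototype-related tag
// names. The node type id and the export layout are assumptions.
const XML_NODE_TYPE = 'n8n-nodes-base.xml';   // assumed type id of the XML Node
// Tag names that become prototype-reaching keys once converted to an object.
// A bare <prototype> element can be legitimate XML, so findings need review.
const SUSPICIOUS_TAG = /<\s*(__proto__|constructor|prototype)\b/i;

// Walk any JSON value and yield [path, string] for every string leaf.
function* strings(value, path) {
  if (typeof value === 'string') { yield [path, value]; return; }
  if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* strings(v, `${path}.${k}`);
  }
}

function scanWorkflow(wf) {
  const findings = [];
  const xmlNodes = (wf.nodes || []).filter(n => n.type === XML_NODE_TYPE).map(n => n.name);
  if (xmlNodes.length === 0) return { workflow: wf.name, xmlNodes, findings };
  // Every node's parameters and any pinned data can end up as XML Node input.
  const sources = [
    ...wf.nodes.map(n => [`nodes[${n.name}].parameters`, n.parameters]),
    ['pinData', wf.pinData || {}],
  ];
  for (const [root, value] of sources) {
    for (const [where, s] of strings(value, root)) {
      const m = s.match(SUSPICIOUS_TAG);
      if (m) findings.push({ where, key: m[1] });
    }
  }
  return { workflow: wf.name, xmlNodes, findings };
}

// Constructed sample export: a Set node hands the XML Node a hostile document.
const SAMPLE_WORKFLOW = {
  name: 'invoice-import',
  nodes: [
    { name: 'Set', type: 'n8n-nodes-base.set', parameters: { values: { string: [
      { name: 'data', value: '<item><__proto__><flag>1</flag></__proto__></item>' }] } } },
    { name: 'XML', type: XML_NODE_TYPE, parameters: { mode: 'xmlToJson', dataPropertyName: 'data' } },
  ],
  connections: {},
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(scanWorkflow(SAMPLE_WORKFLOW), null, 2));
}
```

Run it over every file produced by a workflow export and route any non-empty findings list to the review queue alongside the author of the workflow.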
Monitoring Recommendations
- Forward n8n application and audit logs to a centralized SIEM or data lake for retention and correlation.
- Enable host-based telemetry on the n8n server to capture process creation, file modification, and outbound network events.
- Alert on changes to workflows that include the XML Node, especially when authored by non-administrative accounts.
How to Mitigate CVE-2026-42232
Immediate Actions Required
- Upgrade n8n to 1.123.32, 2.17.4, or 2.18.1 depending on your release line.
- Review all accounts with workflow create or modify permissions and revoke access that is not required.
- Audit existing workflows that use the XML Node and remove or replace untrusted ones.
- Rotate credentials and API keys stored in n8n if compromise is suspected.
Patch Information
The n8n maintainers released fixed builds in versions 1.123.32, 2.17.4, and 2.18.1. The patch sanitizes object keys during XML parsing to prevent assignment to prototype properties. See the GitHub Security Advisory GHSA-hqr4-h3xv-9m3r for the official remediation notice.
Workarounds
- Restrict workflow editor permissions to a small set of trusted administrators until patching is complete.
- Disable or remove the XML Node from workflows that process untrusted input.
- Run n8n in an isolated container with minimal host privileges and outbound network restrictions to limit the impact of RCE.
- Apply network segmentation so the n8n service cannot reach sensitive internal systems directly.
# Configuration example: upgrade n8n via npm to a patched release
# (pick the version matching your release line: 1.123.32, 2.17.4, or 2.18.1)
npm install -g n8n@2.18.1
# Or pull the patched Docker image and recreate the container
docker pull n8nio/n8n:2.18.1
docker stop n8n && docker rm n8n
# Reattach the persistent data volume (assumed here to be a named volume n8n_data
# mounted at n8n's default data directory) so workflows and encrypted credentials
# survive the recreate; substitute the mount your existing deployment uses
docker run -d --name n8n -p 5678:5678 -v n8n_data:/home/node/.n8n n8nio/n8n:2.18.1
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.