{"data":{"id":"336253ad-c1ad-4f2a-978e-fc6d190ce429","title":"GHSA-x6p3-m6h9-fx7r: n8n: Microsoft SQL Node Prototype Pollution","summary":"A vulnerability in n8n (a workflow automation tool) allows authenticated users to perform prototype pollution (a type of attack that modifies the base object all objects inherit from) through the Microsoft SQL node by providing a specially crafted table parameter. This attack can completely break the n8n instance by causing validation failures across the entire application until the server is restarted.","solution":"The issue has been fixed in n8n version 2.24.0. Users should upgrade to this version or later. If upgrading immediately is not possible, administrators can temporarily: (1) restrict workflow creation and editing permissions to trusted users only, or (2) disable the Microsoft SQL node by adding `n8n-nodes-base.microsoftSql` to the `NODES_EXCLUDE` environment variable. The source notes these workarounds do not fully remediate the risk and should only be used as short-term measures.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-x6p3-m6h9-fx7r","publishedAt":"2026-06-16T22:38:52.000Z","cveId":"CVE-2026-54312","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":["n8n@< 2.24.0 (fixed: 2.24.0)"],"affectedVendors":[],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-06-16T22:38:52.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}