{"data":{"id":"e3c66782-c0c7-4b03-9c6d-3ddb384564b5","title":"GHSA-hqr4-h3xv-9m3r: n8n has XML Node Prototype Pollution that leads to RCE","summary":"A vulnerability in n8n (a workflow automation tool) allows authenticated users to exploit the XML Node through prototype pollution (a technique where an attacker modifies object properties that affect all instances of that object type) to achieve RCE (remote code execution, where attackers can run arbitrary commands on the system). This is particularly dangerous because it affects users with permission to create or edit workflows.","solution":"The vulnerability has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1 or later. If immediate upgrade is not possible, administrators can temporarily: (1) Limit workflow creation and editing permissions to fully trusted users only, or (2) Disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable. The source notes these workarounds do not fully remediate the risk and are only short-term measures.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-hqr4-h3xv-9m3r","publishedAt":"2026-04-29T21:25:53.000Z","cveId":"CVE-2026-42232","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":["n8n@< 1.123.32 (fixed: 1.123.32)","n8n@>= 2.17.0, < 2.17.4 (fixed: 2.17.4)","n8n@>= 2.18.0, < 2.18.1 (fixed: 2.18.1)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-29T21:25:53.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}