GHSA-x6p3-m6h9-fx7r: n8n: Microsoft SQL Node Prototype Pollution
Summary
A vulnerability in n8n (a workflow automation tool) allows authenticated users to perform prototype pollution (a type of attack that modifies the base object all objects inherit from) through the Microsoft SQL node by providing a specially crafted table parameter. This attack can completely break the n8n instance by causing validation failures across the entire application until the server is restarted.
Solution / Mitigation
The issue has been fixed in n8n version 2.24.0. Users should upgrade to this version or later. If upgrading immediately is not possible, administrators can temporarily: (1) restrict workflow creation and editing permissions to trusted users only, or (2) disable the Microsoft SQL node by adding `n8n-nodes-base.microsoftSql` to the `NODES_EXCLUDE` environment variable. The source notes these workarounds do not fully remediate the risk and should only be used as short-term measures.
Vulnerability Details
EPSS: 0.0%
Yes
June 16, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-x6p3-m6h9-fx7r
First tracked: June 16, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%