CVE-2026-42232
Published: 04 May 2026
Summary
CVE-2026-42232 is a high-severity Prototype Pollution (CWE-1321) vulnerability in n8n. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Authenticated workflow modification in an exposed n8n instance directly enables exploitation of prototype pollution for RCE on the server.
NVD Description
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. This issue has been patched in versions 1.123.32, 2.17.4, and 2.18.1.
Details
- CWE(s)