Prototype Pollution in N8n-io N8n

CVE-2026-33696

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GS…

Vulnerability class: Prototype Pollution

EPSS: 0.002 (43.4th percentile) — read the EPSS interpretation.

Affected products

N8n-io N8n — versions < 1.123.27, >= 2.0.0-rc.0, < 2.13.3, = 2.14.0

Weakness classification (CWE)

CWE-1321 — Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution)

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-mxrg-77hm-89hv (x_refsource_CONFIRM)