Prototype Pollution in N8n-io N8n

CVE-2026-54306

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object cop…

Vulnerability class: Prototype Pollution

Affected products

N8n-io N8n — versions >= 2.26.0, < 2.26.2, < 2.25.7

Weakness classification (CWE)

CWE-1321 — Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution)

References

security-advisories@github.com (x_refsource_CONFIRM)