Global Prototype Pollution in n8n Workflow Automation Platform
CVE-2026-54312
7.2HIGH
What is CVE-2026-54312?
n8n is an open-source workflow automation platform that suffers from a global prototype pollution vulnerability. This issue allows authenticated users with workflow creation or modification permissions to manipulate the Microsoft SQL node by providing a crafted value as the table parameter. This manipulation affects the Object.prototype across the entire server process, leading to widespread application validation failures and potentially rendering the n8n instance entirely non-functional until a restart occurs. The issue has been resolved in version 2.24.0.
Affected Version(s)
n8n < 2.24.0
