Global Prototype Pollution in n8n Workflow Automation Platform
CVE-2026-54312

7.2HIGH

Key Information:

Vendor

N8n-io

Status
Vendor
CVE Published:
23 June 2026

What is CVE-2026-54312?

n8n is an open-source workflow automation platform that suffers from a global prototype pollution vulnerability. This issue allows authenticated users with workflow creation or modification permissions to manipulate the Microsoft SQL node by providing a crafted value as the table parameter. This manipulation affects the Object.prototype across the entire server process, leading to widespread application validation failures and potentially rendering the n8n instance entirely non-functional until a restart occurs. The issue has been resolved in version 2.24.0.

Affected Version(s)

n8n < 2.24.0

References

CVSS V4

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.