n8n Prototype Pollution in XML Webhook Body Parser Leads to RCE
A prototype pollution vulnerability in n8n's XML webhook parser, exploitable by authenticated users, can lead to remote code execution on the n8n host.
A critical vulnerability exists in the n8n workflow automation platform, in the parsing of XML request bodies by webhook handlers. The flaw stems from the xml2js library used for that parsing, which is susceptible to prototype pollution. An authenticated user who can create or modify workflows can trigger it by sending a specially crafted XML payload to a webhook; successful exploitation writes attacker-controlled properties onto the shared JavaScript Object.prototype, which every object in the n8n process inherits. The attacker can chain this pollution with the Git node's SSH operations to achieve arbitrary remote code execution (RCE) on the underlying n8n host. Affected versions are n8n prior to 1.123.32, 2.17.0 through 2.17.3, and 2.18.0.
Attack Chain
- The attacker authenticates to the n8n instance with an account permitted to create or modify workflows.
- The attacker creates or modifies a workflow containing a Webhook node configured to receive XML data, plus a Git node that performs an SSH-based operation.
- The attacker crafts an XML payload whose element names exploit the prototype pollution weakness in the xml2js library.
- The attacker sends the crafted XML payload to the workflow's webhook endpoint.
- xml2js parses the malicious XML and, in doing so, writes attacker-controlled properties onto the JavaScript object prototype.
- The polluted prototype changes the behaviour of the Git node's SSH operations.
- When the workflow executes, the Git node's SSH operation is hijacked through the polluted properties, and arbitrary commands run on the n8n host.
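The mechanism behind the chain above, as an added illustration that is not n8n or xml2js source code: a deliberately naive XML-to-object converter (a hypothetical stand-in for a real parser, handling only nested elements and text) in which an element named __proto__ reaches Object.prototype, beside a hardened variant that rejects the dangerous names and builds containers without a prototype. The payload and benign document are constructed for the demo.

```javascript
// Added illustration, not n8n or xml2js source: a toy XML-to-object
// converter written so that a crafted element name reaches
// Object.prototype, beside a hardened variant. The parser handles only
// nested elements and text (no attributes, comments, CDATA or entities).

const POLLUTING_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Parse XML into {name, children, text} nodes and return the root element.
function parseXml(xml) {
  const doc = { name: '#document', children: [], text: '' };
  const stack = [doc];
  const re = /<\/([^>\s]+)\s*>|<([^>\s/]+)\s*(\/?)>|([^<]+)/g;
  let m;
  while ((m = re.exec(xml)) !== null) {
    const top = stack[stack.length - 1];
    if (m[1] !== undefined) {                 // closing tag
      if (top.name !== m[1]) throw new Error(`mismatched </${m[1]}>`);
      stack.pop();
    } else if (m[2] !== undefined) {          // opening (or self-closing) tag
      const node = { name: m[2], children: [], text: '' };
      top.children.push(node);
      if (!m[3]) stack.push(node);
    } else {                                  // character data
      top.text += m[4];
    }
  }
  if (stack.length !== 1) throw new Error('unclosed element');
  if (doc.children.length !== 1) throw new Error('expected one root element');
  return doc.children[0];
}

// Convert an element tree to a plain object. Leaf elements become their
// trimmed text; child element names become property names.
function toObject(node, hardened) {
  if (node.children.length === 0) return node.text.trim();
  // Hardened: containers with no prototype, so obj["__proto__"] is just an
  // ordinary (absent) key and Object.prototype is never reachable.
  const obj = hardened ? Object.create(null) : {};
  for (const child of node.children) {
    if (hardened && POLLUTING_KEYS.has(child.name)) {
      throw new Error(`rejected element name <${child.name}>`);
    }
    const value = toObject(child, hardened);
    const existing = obj[child.name];
    if (existing !== null && typeof existing === 'object' && typeof value === 'object') {
      // Repeated element names are merged into the object already stored
      // under that name. Unhardened, with child.name === "__proto__",
      // `existing` is Object.prototype itself, so every key of the
      // attacker's element lands on every object in the process.
      for (const k of Object.keys(value)) existing[k] = value[k];
    } else {
      obj[child.name] = value;
    }
  }
  return obj;
}

// Constructed inputs: a payload shaped like the crafted webhook body
// described above, and a benign document.
const CRAFTED_XML = '<root><__proto__><polluted>yes</polluted></__proto__></root>';
const BENIGN_XML = '<order><id>42</id><customer><name>Ann</name></customer></order>';

function runDemo() {
  const probe = () => { const fresh = {}; return fresh.polluted; };
  const out = {};
  toObject(parseXml(CRAFTED_XML), false);
  out.afterUnsafe = probe();           // 'yes': Object.prototype was modified
  delete Object.prototype.polluted;    // undo the process-wide side effect
  try {
    toObject(parseXml(CRAFTED_XML), true);
    out.hardenedRejected = false;
  } catch (e) {
    out.hardenedRejected = true;       // dangerous element name refused
  }
  out.afterHardened = probe();         // undefined: nothing leaked
  out.benign = toObject(parseXml(BENIGN_XML), true);
  return out;
}

console.log(JSON.stringify(runDemo()));
```

The unsafe branch never assigns to Object.prototype by name; it only looks a key up and writes through the result, which is why a parser that merges same-named siblings or child nodes can be polluted without any obvious "set prototype" line. The hardened variant closes both doors: the name check stops the lookup, and null-prototype containers mean there is no inherited __proto__ accessor to find even if a check is missed.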
Impact
Successful exploitation allows a malicious actor to execute arbitrary code on the n8n server. This grants them complete control over the n8n instance and potentially the underlying infrastructure. The vulnerability impacts any n8n instance accessible to authenticated users who can create or modify workflows. The number of affected installations is unknown, but the potential impact is high due to the sensitive nature of workflows often managed by n8n, which can include access to other systems and data.
Recommendation
- Upgrade n8n to version 1.123.32, 2.17.4, or 2.18.1 or later, whichever applies to the release line in use; these versions contain the fix described in the overview.
- Deploy the Sigma rule "Detect n8n Prototype Pollution via Crafted XML Payload" to detect malicious XML payloads targeting the vulnerability. The rule requires webserver (HTTP access) logs as a log source, so enable them before relying on it.
- Limit workflow creation and editing permissions to trusted users, as described in the workaround, to reduce the set of accounts able to reach the vulnerable code path.
Detection coverage (2 rules)
Detect n8n Prototype Pollution via Crafted XML Payload
Severity: critical. Detects suspicious XML payloads sent to n8n webhooks that attempt to exploit the prototype pollution vulnerability.
Detect n8n Git Node Command Execution via SSH
Severity: high. Detects command execution via the n8n Git node, potentially triggered by prototype pollution leading to RCE.
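As an added illustration of what the first rule above looks for (this is not the platform's rule, whose query is not shown here), the following scan flags POST requests to webhook paths whose XML body carries element names that can reach Object.prototype. It assumes request records that expose method, path, content type, body and source address (a reverse proxy configured to log bodies; stock access logs do not include them) and that n8n webhooks live under /webhook/, /webhook-test/ and /webhook-waiting/. The sample records are constructed, not real traffic.

```javascript
// Added illustration, not the platform's Sigma rule: a scan over constructed
// request records that flags XML webhook bodies carrying prototype-pollution
// element names. Assumed record shape: {method, path, contentType, body,
// sourceIp}. Assumed webhook path prefixes: /webhook/, /webhook-test/,
// /webhook-waiting/.

const PP_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const WEBHOOK_PATH = /^\/webhook(?:-test|-waiting)?\//;

// Element names from every opening tag; namespace prefixes are stripped so
// <x:__proto__> is still seen. Matching is case-sensitive on purpose: JS
// property names are, so "__PROTO__" would not pollute anything.
function xmlElementNames(body) {
  const re = /<([A-Za-z_][\w.:-]*)/g;
  const names = new Set();
  let m;
  while ((m = re.exec(body)) !== null) names.add(m[1].split(':').pop());
  return names;
}

// Return a finding for one request record, or null when it is out of scope
// (not a webhook POST, not XML) or clean.
function flagRequest(rec) {
  if (rec.method !== 'POST' || !WEBHOOK_PATH.test(rec.path)) return null;
  const body = rec.body || '';
  const ct = (rec.contentType || '').toLowerCase();
  // Trust the body, not only the header: a client can send XML as text/plain.
  const looksXml = ct.includes('xml') || body.trimStart().startsWith('<');
  if (!looksXml) return null;
  const hits = [...xmlElementNames(body)].filter((n) => PP_KEYS.has(n));
  if (hits.length === 0) return null;
  return { sourceIp: rec.sourceIp, path: rec.path, elements: hits.sort() };
}

function scanRecords(records) {
  return records.map(flagRequest).filter((f) => f !== null);
}

// Constructed sample records (not real traffic).
const SAMPLE_RECORDS = [
  { method: 'POST', path: '/webhook/order-intake', contentType: 'application/xml',
    sourceIp: '198.51.100.7',
    body: '<root><__proto__><polluted>yes</polluted></__proto__></root>' },
  { method: 'POST', path: '/webhook/order-intake', contentType: 'application/xml',
    sourceIp: '203.0.113.5',
    body: '<order><id>42</id><item>book</item></order>' },
  { method: 'POST', path: '/rest/workflows', contentType: 'application/json',
    sourceIp: '203.0.113.5',
    body: '{"name":"__proto__"}' },
  { method: 'POST', path: '/webhook-test/ingest', contentType: 'text/plain',
    sourceIp: '198.51.100.7',
    body: '<a><ns:constructor><prototype><x>1</x></prototype></ns:constructor></a>' },
];

for (const f of scanRecords(SAMPLE_RECORDS)) console.log(JSON.stringify(f));
```

The third record is deliberately out of scope: a JSON body with "__proto__" in a value sent to the REST API is a different exposure and would only add noise to a rule aimed at XML webhook parsing. The fourth shows why the content-type header alone is a weak filter and why namespace prefixes must be stripped before comparing names.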