{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/n8n-source-control/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["n8n (Pagination Prototype Pollution)","n8n (Dynamic Credential OAuth Endpoints)","n8n (Source Control)","n8n (XML Node Prototype Pollution)","n8n (Git Node)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","patch"],"_cs_type":"advisory","_cs_vendors":["n8n GmbH"],"content_html":"\u003cp\u003eOn May 13, 2026, n8n published security advisories to address vulnerabilities affecting multiple n8n products. These vulnerabilities span various areas of the platform, including prototype pollution in pagination and XML node handling, issues in dynamic credential OAuth endpoints, and vulnerabilities within source control and Git node functionalities. These flaws could potentially allow attackers to perform unauthorized actions, manipulate data, or gain elevated privileges within the n8n environment. Organizations using n8n are urged to review the advisories and apply the necessary updates promptly to mitigate potential risks. The specific versions affected are not detailed, but users should consult the n8n Security page for full information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eDue to the generic nature of the advisory and the lack of specific vulnerability details, a detailed attack chain cannot be accurately constructed. 
However, a generalized attack chain based on the vulnerability types can be hypothesized:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable n8n instance.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution (Pagination/XML Node):\u003c/strong\u003e The attacker crafts malicious input targeting the pagination or XML node processing functionality.\u003c/li\u003e\n\u003cli\u003eThis input injects properties into the JavaScript prototype chain.\u003c/li\u003e\n\u003cli\u003eThe injected properties overwrite existing object properties or methods.\u003c/li\u003e\n\u003cli\u003eSubsequent operations within n8n use the modified prototype.\u003c/li\u003e\n\u003cli\u003eThis leads to unexpected behavior, such as unauthorized data access or command execution.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDynamic Credential OAuth Endpoints:\u003c/strong\u003e The attacker exploits a flaw in OAuth endpoint validation.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to user credentials or n8n resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could lead to a range of impacts, including unauthorized access to sensitive data, modification of n8n workflows, and potentially remote code execution, depending on the specifics of each vulnerability. The advisory does not specify the number of affected organizations. 
If left unpatched, attackers could leverage these vulnerabilities to compromise n8n instances and potentially pivot to other systems within the network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReview the n8n security advisories linked in the references and identify the specific vulnerabilities affecting your n8n deployments (\u003ca href=\"https://github.com/n8n-io/n8n/security\"\u003en8n Security\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eApply the necessary updates provided by n8n to address the identified vulnerabilities across all affected products: n8n (Pagination Prototype Pollution), n8n (Dynamic Credential OAuth Endpoints), n8n (Source Control), n8n (XML Node Prototype Pollution), and n8n (Git Node).\u003c/li\u003e\n\u003cli\u003eImplement a web application firewall (WAF) with rules to detect and block common prototype pollution attack patterns targeting pagination and XML processing, mitigating potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eEnable detailed logging for n8n workflows and API requests to facilitate incident response and forensic analysis in case of exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T13:16:32Z","date_published":"2026-05-13T13:16:32Z","id":"https://feed.craftedsignal.io/briefs/2026-05-n8n-vulns/","summary":"On May 13, 2026, n8n released security advisories addressing vulnerabilities in several products, including prototype pollution and OAuth endpoint issues.","title":"n8n Patches Multiple Vulnerabilities Across Products","url":"https://feed.craftedsignal.io/briefs/2026-05-n8n-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — N8n (Source Control)","version":"https://jsonfeed.org/version/1.1"}