{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/n8n/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["n8n"],"_cs_severities":["critical"],"_cs_tags":["rce","prototype pollution","n8n"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-42232, exists within the n8n workflow automation tool. This flaw allows an authenticated user, who possesses permissions to create or modify workflows, to achieve remote code execution (RCE). The attack vector involves exploiting global prototype pollution through the XML Node. Versions affected include those prior to 1.123.32, versions 2.17.0 up to but not including 2.17.4, and versions 2.18.0 up to but not including 2.18.1. Defenders should prioritize patching n8n instances due to the high potential for complete system compromise if exploited.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to an n8n instance with workflow creation/modification privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious workflow that leverages the XML Node to inject a payload designed to trigger prototype pollution.\u003c/li\u003e\n\u003cli\u003eThe crafted XML node manipulates global object prototypes within the n8n application.\u003c/li\u003e\n\u003cli\u003eThe attacker introduces a property into a global object prototype that can be exploited by another node.\u003c/li\u003e\n\u003cli\u003eThe attacker adds a secondary node (e.g., Function node) that leverages the polluted prototype property.\u003c/li\u003e\n\u003cli\u003eThe secondary node\u0026rsquo;s execution triggers the polluted prototype, leading to arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary commands 
on the n8n server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control of the n8n server, potentially leading to data exfiltration, lateral movement, or other malicious activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary code on the n8n server. This can lead to full system compromise, including data exfiltration, credential theft, and lateral movement within the network. Given the nature of n8n as an automation platform, successful attacks can severely impact connected systems and services. This vulnerability affects n8n users who have not upgraded to patched versions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 1.123.32, 2.17.4, 2.18.1, or later to remediate CVE-2026-42232.\u003c/li\u003e\n\u003cli\u003eAs a temporary mitigation, limit workflow creation and editing permissions to only fully trusted users as suggested in the advisory.\u003c/li\u003e\n\u003cli\u003eAs a temporary mitigation, disable the XML node by adding \u003ccode\u003en8n-nodes-base.xml\u003c/code\u003e to the \u003ccode\u003eNODES_EXCLUDE\u003c/code\u003e environment variable as suggested in the advisory.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T21:25:53Z","date_published":"2026-04-29T21:25:53Z","id":"/briefs/2024-01-n8n-rce/","summary":"A vulnerability in n8n allows authenticated users with workflow creation permissions to achieve remote code execution (RCE) through global prototype pollution via the XML Node in versions prior to 1.123.32, versions 2.17.0 to 2.17.4, and versions 2.18.0 to 2.18.1.","title":"n8n XML Node Prototype Pollution Leading to 
RCE","url":"https://feed.craftedsignal.io/briefs/2024-01-n8n-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["n8n"],"_cs_severities":["high"],"_cs_tags":["xss","oauth","n8n","CVE-2026-42235"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003en8n, a workflow automation platform, is susceptible to a cross-site scripting (XSS) vulnerability (CVE-2026-42235) related to the registration of malicious MCP OAuth clients. An unauthenticated attacker can register an OAuth client with a crafted \u003ccode\u003eclient_name\u003c/code\u003e containing malicious JavaScript. This vulnerability exists in versions prior to 2.14.2 and also affects versions 2.17.0 to 2.17.3 and 2.18.0. A successful exploit allows the attacker to execute arbitrary JavaScript within a victim\u0026rsquo;s authenticated n8n session, potentially leading to credential theft, session token theft, workflow manipulation, or privilege escalation. Defenders should prioritize patching to version 2.14.2 or later to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker registers a malicious MCP OAuth client with a crafted \u003ccode\u003eclient_name\u003c/code\u003e containing an XSS payload.\u003c/li\u003e\n\u003cli\u003eA victim user navigates to the n8n instance and is presented with the malicious OAuth consent dialog.\u003c/li\u003e\n\u003cli\u003eThe victim user authorizes the malicious OAuth client, unknowingly injecting the attacker\u0026rsquo;s script into their session.\u003c/li\u003e\n\u003cli\u003eA second user, possibly an administrator, revokes the OAuth access granted to the malicious client.\u003c/li\u003e\n\u003cli\u003eThis revocation triggers a toast notification to the original victim user.\u003c/li\u003e\n\u003cli\u003eThe toast notification renders the attacker\u0026rsquo;s injected script from the crafted 
\u003ccode\u003eclient_name\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe victim user clicks on the link within the toast notification.\u003c/li\u003e\n\u003cli\u003eThe injected JavaScript executes within the victim\u0026rsquo;s authenticated n8n browser session, enabling the attacker to perform malicious actions such as stealing credentials, manipulating workflows, or escalating privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this XSS vulnerability can lead to significant compromise of an n8n instance. Attackers can steal user credentials and session tokens, allowing them to impersonate legitimate users. Malicious actors could also modify or create workflows, leading to data breaches, system disruption, or unauthorized access. Privilege escalation is also possible, potentially granting attackers administrative control over the n8n platform. The number of potential victims depends on the exposure and user base of the vulnerable n8n instances.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 2.14.2 or later to patch CVE-2026-42235, as recommended in the advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious n8n MCP OAuth Client Registration\u003c/code\u003e to identify attempts to register OAuth clients with suspicious names.\u003c/li\u003e\n\u003cli\u003eIf immediate patching is not feasible, restrict access to the n8n instance and the MCP OAuth registration endpoint to trusted users only, as suggested in the advisory\u0026rsquo;s workaround.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T21:25:44Z","date_published":"2026-04-29T21:25:44Z","id":"/briefs/2026-05-n8n-xss-oauth/","summary":"n8n is vulnerable to cross-site scripting (XSS) via a malicious MCP OAuth client, allowing an unauthenticated attacker to inject arbitrary 
JavaScript into an authenticated user's session.","title":"n8n MCP OAuth Client XSS Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-n8n-xss-oauth/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["n8n"],"_cs_severities":["critical"],"_cs_tags":["prototype-pollution","rce","n8n"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003eA critical vulnerability exists within the n8n workflow automation platform, specifically affecting the parsing of XML request bodies in webhook handlers. This flaw stems from the use of the \u003ccode\u003exml2js\u003c/code\u003e library, which is susceptible to prototype pollution attacks. An authenticated user possessing the capability to create or modify workflows can leverage this vulnerability by sending a specially crafted XML payload. Successful exploitation results in the pollution of the JavaScript object prototype. Attackers can chain this pollution with the Git node\u0026rsquo;s SSH operations to achieve arbitrary remote code execution (RCE) on the underlying n8n host. 
The vulnerability affects n8n versions prior to 1.123.32, versions 2.17.0 to 2.17.3, and versions 2.18.0 to 2.18.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the n8n instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious XML payload designed to exploit the prototype pollution vulnerability in the \u003ccode\u003exml2js\u003c/code\u003e library.\u003c/li\u003e\n\u003cli\u003eThe attacker creates or modifies a workflow containing a webhook node configured to receive XML data.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted XML payload to the webhook endpoint.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003exml2js\u003c/code\u003e library parses the malicious XML, inadvertently polluting the JavaScript object prototype with attacker-controlled properties.\u003c/li\u003e\n\u003cli\u003eThe attacker includes a Git node in the workflow.\u003c/li\u003e\n\u003cli\u003eThe polluted prototype modifies the behavior of the Git node\u0026rsquo;s SSH operations.\u003c/li\u003e\n\u003cli\u003eWhen the workflow executes, the Git node\u0026rsquo;s SSH operation is hijacked due to the prototype pollution, leading to arbitrary code execution on the n8n host.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows a malicious actor to execute arbitrary code on the n8n server. This grants them complete control over the n8n instance and potentially the underlying infrastructure. The vulnerability impacts any n8n instance accessible to authenticated users who can create or modify workflows. 
The number of affected installations is unknown, but the potential impact is high due to the sensitive nature of workflows often managed by n8n, which can include access to other systems and data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 1.123.32, 2.17.4, 2.18.1, or later to patch the vulnerability as described in the overview.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect n8n Prototype Pollution via Crafted XML Payload\u0026rdquo; to detect malicious XML payloads targeting the vulnerability. Enable webserver logs to activate this rule.\u003c/li\u003e\n\u003cli\u003eLimit workflow creation and editing permissions to trusted users to mitigate the risk of exploitation, as described in the workaround.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T21:25:02Z","date_published":"2026-04-29T21:25:02Z","id":"/briefs/2026-04-n8n-rce/","summary":"A prototype pollution vulnerability in n8n's XML webhook parser, exploitable by authenticated users, can lead to remote code execution on the n8n host.","title":"n8n Prototype Pollution in XML Webhook Body Parser Leads to RCE","url":"https://feed.craftedsignal.io/briefs/2026-04-n8n-rce/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["n8n"],"_cs_severities":["high"],"_cs_tags":["sandbox-escape","code-execution","vulnerability"],"_cs_type":"advisory","_cs_vendors":["n8n"],"content_html":"\u003cp\u003eA sandbox escape vulnerability has been identified in the Python Task Runner of n8n, a workflow automation platform. This vulnerability, assigned CVE-2026-42234, allows an authenticated user who has permissions to create or modify workflows that contain a Python Code Node to escape the sandbox environment. Successful exploitation leads to arbitrary code execution within the task runner container. This issue specifically impacts n8n instances where the Python Task Runner is enabled. 
The vulnerability affects n8n versions prior to 1.123.32, versions between 2.17.0 and 2.17.4, and versions between 2.18.0 and 2.18.1. Defenders should prioritize patching their n8n instances or implementing available workarounds.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains authenticated access to an n8n instance.\u003c/li\u003e\n\u003cli\u003eThe attacker verifies the Python Task Runner is enabled.\u003c/li\u003e\n\u003cli\u003eThe attacker creates or modifies an n8n workflow.\u003c/li\u003e\n\u003cli\u003eThe workflow includes a Python Code Node.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts malicious Python code designed to escape the sandbox. This code could leverage vulnerabilities in the sandbox implementation to execute commands outside of the intended restricted environment.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers the workflow execution.\u003c/li\u003e\n\u003cli\u003eThe malicious Python code executes, successfully escaping the sandbox.\u003c/li\u003e\n\u003cli\u003eArbitrary code is executed on the task runner container, potentially leading to compromise of the n8n instance or the underlying infrastructure.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to execute arbitrary code within the n8n task runner container. This can lead to a full compromise of the n8n instance, allowing the attacker to steal sensitive data, disrupt services, or pivot to other systems within the network. 
While the exact number of affected instances is unknown, any n8n deployment running a vulnerable version with the Python Task Runner enabled is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to versions 1.123.32, 2.17.4, 2.18.1 or later to remediate the vulnerability as recommended by the vendor.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately possible, limit workflow creation and editing permissions to fully trusted users only, as mentioned in the advisory.\u003c/li\u003e\n\u003cli\u003eAs a temporary measure, disable the Python Code node by adding \u003ccode\u003en8n-nodes-base.code\u003c/code\u003e to the \u003ccode\u003eNODES_EXCLUDE\u003c/code\u003e environment variable, or disable the Python Task Runner entirely as documented in the advisory.\u003c/li\u003e\n\u003cli\u003eMonitor container execution for unexpected processes spawned from the n8n task runner container using the \u0026ldquo;Detect Suspicious Process Execution from n8n Task Runner\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T21:21:50Z","date_published":"2026-04-29T21:21:50Z","id":"/briefs/2026-04-n8n-python-sandbox-escape/","summary":"A sandbox escape vulnerability exists in n8n's Python Task Runner that allows an authenticated user with workflow creation/modification permissions to achieve arbitrary code execution on the task runner container, impacting n8n instances with the Python Task Runner enabled; upgrade to versions 1.123.32, 2.17.4, 2.18.1 or later to remediate the vulnerability.","title":"n8n Python Task Runner Sandbox Escape 
Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-n8n-python-sandbox-escape/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.5,"id":"CVE-2026-39974"}],"_cs_exploited":false,"_cs_products":["n8n"],"_cs_severities":["critical"],"_cs_tags":["n8n","vulnerability","sqli","xss","rce","session-hijacking"],"_cs_type":"advisory","_cs_vendors":["n8n"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been identified in n8n, a workflow automation tool. An attacker exploiting these vulnerabilities could achieve a range of malicious outcomes, including remote code execution, security bypass, information disclosure, SQL injection, denial-of-service, cross-site scripting (XSS), malicious redirection, and session hijacking. The vulnerabilities stem from insufficient input validation, insecure configurations, or design flaws within the n8n application. Successful exploitation can lead to complete compromise of the n8n instance and potentially the underlying system, depending on the permissions of the n8n process. This poses a significant risk to organizations relying on n8n for critical business processes. 
Defenders need to implement robust security measures to mitigate these risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eGiven the broad range of potential vulnerabilities, a generalized attack chain is outlined below:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eReconnaissance:\u003c/strong\u003e The attacker identifies a vulnerable n8n instance, potentially through Shodan or similar tools.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability Identification:\u003c/strong\u003e The attacker probes the n8n instance to identify specific exploitable vulnerabilities, such as those related to SQL injection or XSS.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExploitation (SQL Injection):\u003c/strong\u003e The attacker crafts malicious SQL queries through user input fields or API calls to extract sensitive data from the n8n database, such as user credentials or API keys.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExploitation (XSS):\u003c/strong\u003e The attacker injects malicious JavaScript code into n8n workflows or data fields. When other users interact with the affected workflows or data, the JavaScript code executes in their browsers.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrivilege Escalation/Lateral Movement:\u003c/strong\u003e The attacker leverages the compromised credentials or XSS vulnerabilities to gain elevated privileges within the n8n instance or move laterally to other systems within the network.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRemote Code Execution:\u003c/strong\u003e The attacker exploits a vulnerability that allows for the execution of arbitrary code on the server. 
This could be achieved through insecure file uploads, deserialization flaws, or command injection.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePersistence:\u003c/strong\u003e The attacker establishes persistence by creating new n8n workflows or modifying existing ones to execute malicious code on a recurring basis.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact:\u003c/strong\u003e The attacker exfiltrates sensitive data, disrupts critical business processes by manipulating or deleting workflows, or uses the compromised system as a foothold for further attacks within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could result in significant damage, depending on the attacker\u0026rsquo;s objectives. The potential impact includes data breaches, financial losses, service disruptions, and reputational damage. If sensitive data is exfiltrated, it could be used for identity theft, fraud, or other malicious purposes. Disruption of critical workflows can lead to business downtime and lost productivity. 
The lack of specific victim counts or sector targeting in the source data makes it difficult to quantify the impact precisely, but the broad range of potential vulnerabilities and their potential consequences warrant immediate attention.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement the provided Sigma rules to detect potential exploitation attempts targeting n8n instances (see \u0026ldquo;Descriptive Detection Rule Name\u0026rdquo; in the \u003ccode\u003erules\u003c/code\u003e section).\u003c/li\u003e\n\u003cli\u003eConduct regular security audits and penetration testing of n8n instances to identify and remediate vulnerabilities before they can be exploited.\u003c/li\u003e\n\u003cli\u003eEnforce strict input validation and sanitization measures to prevent SQL injection and XSS attacks.\u003c/li\u003e\n\u003cli\u003eApply the principle of least privilege to limit the permissions of the n8n process and users.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity related to n8n instances, such as unusual API calls or connections to malicious domains.\u003c/li\u003e\n\u003cli\u003eRegularly review and update n8n workflows to ensure they are secure and do not contain any malicious code.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-23T10:23:56Z","date_published":"2026-04-23T10:23:56Z","id":"/briefs/2026-04-n8n-multiple-vulnerabilities/","summary":"Multiple vulnerabilities in n8n can be exploited by an attacker to execute arbitrary code, bypass security measures, disclose sensitive information, conduct SQL injection attacks, cause denial-of-service, perform cross-site scripting, redirect users, or hijack sessions.","title":"Multiple Vulnerabilities in n8n Workflow Automation 
Tool","url":"https://feed.craftedsignal.io/briefs/2026-04-n8n-multiple-vulnerabilities/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["n8n"],"_cs_severities":["high"],"_cs_tags":["credential-access","authorization-bypass","n8n"],"_cs_type":"advisory","_cs_vendors":["n8n"],"content_html":"\u003cp\u003eA credential authorization bypass vulnerability, identified as CVE-2026-42226, affects n8n versions prior to 2.18.0, specifically in the \u003ccode\u003edynamic-node-parameters\u003c/code\u003e endpoints. This flaw allows an authenticated user who has access to a shared workflow to exploit the system by supplying a credential ID belonging to another user in the request body. Due to insufficient validation, the n8n backend decrypts and utilizes the specified credential during a helper execution path where the caller controls the destination URL. This enables the malicious user to force the n8n instance to authenticate against attacker-controlled infrastructure using another user\u0026rsquo;s credentials, effectively exfiltrating a reusable API key. The vulnerability impacts any node that dynamically resolves credentials through the affected endpoints. 
The issue was patched in n8n version 2.18.0.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains authenticated access to an n8n instance.\u003c/li\u003e\n\u003cli\u003eThe attacker obtains access to a shared workflow.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a credential ID belonging to another user within the n8n instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a request to a vulnerable \u003ccode\u003edynamic-node-parameters\u003c/code\u003e endpoint, injecting the foreign credential ID into the request body.\u003c/li\u003e\n\u003cli\u003eThe n8n backend, failing to validate the attacker\u0026rsquo;s authorization to use the specified credential, decrypts the targeted credential.\u003c/li\u003e\n\u003cli\u003eThe attacker controls the destination URL in the request, pointing it to attacker-controlled infrastructure.\u003c/li\u003e\n\u003cli\u003eThe n8n backend authenticates against the attacker-controlled infrastructure using the decrypted credential, sending the API key to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker captures the API key and uses it to access resources or data accessible to the compromised credential.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-42226) allows an attacker to exfiltrate API keys belonging to other n8n users. This can lead to unauthorized access to external services and data, depending on the permissions granted to the compromised credentials. The impact is significant, potentially affecting all n8n instances running vulnerable versions (prior to 2.18.0). 
The severity is rated as high due to the ease of exploitation and the potential for significant data breaches.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 2.18.0 or later to patch the vulnerability (CVE-2026-42226).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect n8n Foreign Credential ID in dynamic-node-parameters\u003c/code\u003e to identify attempts to exploit this vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement stricter access controls and limit workflow sharing to trusted users as a short-term mitigation, as suggested in the overview.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-n8n-credential-bypass/","summary":"A credential authorization bypass vulnerability in n8n versions before 2.18.0 allows an authenticated user with access to a shared workflow to supply a foreign credential ID, causing the backend to decrypt and use that credential against attacker-controlled infrastructure, leading to API key exfiltration.","title":"n8n Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay","url":"https://feed.craftedsignal.io/briefs/2024-01-03-n8n-credential-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["n8n"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","vulnerability","n8n"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003en8n, a workflow automation platform, is susceptible to a denial-of-service (DoS) vulnerability due to insufficient resource controls on the MCP OAuth client registration endpoint. This vulnerability, identified as CVE-2026-42236, allows an unauthenticated remote attacker to send large registration payloads to the server, potentially exhausting server memory resources. 
Even if the MCP is disabled via the enable/disable toggle, client registrations are still possible. The attack results in the n8n instance becoming unavailable, disrupting normal operations. The vulnerability affects n8n versions before 1.123.32, versions 2.0.0 to 2.17.4, and versions 2.18.0 to 2.18.1. Patches are available in n8n versions 1.123.32, 2.17.4, and 2.18.1 to address this issue by implementing an upper bound on registered clients and disabling client creation when MCP is disabled.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an n8n instance running a vulnerable version (e.g., \u0026lt; 1.123.32, 2.0.0 \u0026lt; x \u0026lt; 2.17.4, or 2.18.0 \u0026lt; x \u0026lt; 2.18.1).\u003c/li\u003e\n\u003cli\u003eThe attacker sends an unauthenticated HTTP POST request to the MCP OAuth client registration endpoint. The exact URI path for this endpoint is not specified in the advisory, but it is related to MCP OAuth client registration.\u003c/li\u003e\n\u003cli\u003eThe POST request contains a large payload designed to consume significant server memory during processing.\u003c/li\u003e\n\u003cli\u003eThe n8n instance processes the registration request without proper resource limitations or input validation on the payload size.\u003c/li\u003e\n\u003cli\u003eThe server allocates memory to handle the large payload, potentially leading to memory exhaustion.\u003c/li\u003e\n\u003cli\u003eThe attacker sends multiple such requests in rapid succession, exacerbating the memory exhaustion issue.\u003c/li\u003e\n\u003cli\u003eThe n8n instance becomes unresponsive due to memory starvation, resulting in a denial of service.\u003c/li\u003e\n\u003cli\u003eLegitimate users are unable to access or use the n8n platform.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability leads to a denial-of-service condition, 
rendering the n8n instance unavailable to legitimate users. The advisory does not specify the number of victims or sectors targeted. However, any organization using a vulnerable version of n8n is at risk. If the attack succeeds, critical workflow automation processes managed by n8n will be interrupted, potentially leading to business disruptions and data loss.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 1.123.32, 2.17.4, or 2.18.1, or later to remediate the vulnerability as mentioned in the \u003cstrong\u003ePatches\u003c/strong\u003e section.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately possible, restrict network access to the n8n instance to prevent requests from untrusted sources, as outlined in the \u003cstrong\u003eWorkarounds\u003c/strong\u003e section.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately possible, reduce the maximum accepted payload size by lowering the \u003ccode\u003eN8N_PAYLOAD_SIZE_MAX\u003c/code\u003e environment variable as described in the \u003cstrong\u003eWorkarounds\u003c/strong\u003e section.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual POST requests to the MCP OAuth client registration endpoint (path not specified in advisory) that may indicate exploitation attempts. 
Create detection rules for this activity on \u003cstrong\u003ewebserver\u003c/strong\u003e logs.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-n8n-dos/","summary":"n8n is vulnerable to an unauthenticated denial of service (DoS) attack due to missing resource controls in the MCP OAuth client registration endpoint, allowing an attacker to exhaust server memory by sending large registration payloads, leading to service unavailability; this is resolved in versions 1.123.32, 2.17.4, and 2.18.1 and tracked as CVE-2026-42236.","title":"n8n Unauthenticated Denial of Service via MCP Client Registration","url":"https://feed.craftedsignal.io/briefs/2024-01-n8n-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — N8n","version":"https://jsonfeed.org/version/1.1"}