{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-44791/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["n8n (\u003c 1.123.43)","n8n (\u003e= 2.21.0, \u003c 2.22.1)","n8n (\u003e= 2.0.0-rc.0, \u003c 2.20.7)"],"_cs_severities":["critical"],"_cs_tags":["prototype pollution","RCE","n8n","CVE-2026-44791"],"_cs_type":"advisory","_cs_vendors":["n8n GmbH"],"content_html":"\u003cp\u003eAn authenticated user with permission to create or modify workflows can bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node of n8n, a workflow automation platform. This vulnerability, identified as CVE-2026-44791, allows for prototype pollution. Successful exploitation, when chained with other nodes, can lead to remote code execution (RCE) on the n8n host. The affected versions include n8n versions prior to 1.123.43, versions 2.21.0 to 2.22.1 (excluding 2.22.1), and versions 2.0.0-rc.0 to 2.20.7 (excluding 2.20.7). This vulnerability matters to defenders because it allows attackers to gain complete control over the n8n instance, potentially compromising sensitive data and enabling further malicious activities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains authenticated access to an n8n instance with workflow creation and modification privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious workflow that includes the XML node.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits CVE-2026-44791, bypassing the patch for GHSA-hqr4-h3xv-9m3r by manipulating XML node parameters to inject a prototype pollution payload.\u003c/li\u003e\n\u003cli\u003eThe prototype pollution modifies JavaScript object prototypes within the n8n environment.\u003c/li\u003e\n\u003cli\u003eThe attacker chains the XML node with other nodes in the workflow (e.g., Function node, Execute Command node).\u003c/li\u003e\n\u003cli\u003eThe polluted prototypes are leveraged by the subsequent nodes to execute arbitrary JavaScript code.\u003c/li\u003e\n\u003cli\u003eThe arbitrary code execution allows the attacker to execute system commands on the n8n host.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves remote code execution (RCE), gaining control of the n8n host and potentially compromising the underlying system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-44791 allows an attacker to achieve remote code execution on the n8n host. This could lead to the complete compromise of the n8n instance, potentially affecting all workflows and data managed by the platform. The attacker could potentially access sensitive information, modify workflows for malicious purposes, or use the compromised host as a pivot point for further attacks within the network. The vulnerability affects n8n instances running vulnerable versions prior to the patched versions, impacting any organization using n8n for workflow automation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade n8n to version 1.123.43, 2.20.7, or 2.22.1 or later to remediate CVE-2026-44791, as mentioned in the overview.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect n8n XML Node Prototype Pollution Attempt\u0026rdquo; to identify suspicious workflow creations involving the XML node, as described in the rules section.\u003c/li\u003e\n\u003cli\u003eIf immediate upgrade is not possible, implement the suggested workarounds by limiting workflow creation/editing permissions or disabling the XML node via the \u003ccode\u003eNODES_EXCLUDE\u003c/code\u003e environment variable, as detailed in the overview section.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T16:22:47Z","date_published":"2026-05-14T16:22:47Z","id":"https://feed.craftedsignal.io/briefs/2026-05-n8n-xml-prototype-bypass/","summary":"An authenticated n8n user with workflow creation privileges can bypass a previous patch for XML node prototype pollution, potentially leading to remote code execution on the n8n host when combined with other nodes; patched in versions 1.123.43, 2.20.7, and 2.22.1.","title":"n8n XML Node Prototype Pollution Patch Bypass Leads to RCE","url":"https://feed.craftedsignal.io/briefs/2026-05-n8n-xml-prototype-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-44791","version":"https://jsonfeed.org/version/1.1"}