{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-44791","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-05-07T19:20:44.692Z","datePublished":"2026-06-23T15:54:17.298Z","dateUpdated":"2026-06-23T17:13:43.642Z"},"containers":{"cna":{"title":"n8n: XML Node Prototype Pollution Patch Bypass","problemTypes":[{"descriptions":[{"cweId":"CWE-1321","lang":"en","description":"CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","baseScore":9.4,"baseSeverity":"CRITICAL","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H","version":"4.0"}}],"references":[{"name":"https://github.com/n8n-io/n8n/security/advisories/GHSA-wrwr-h859-xh2r","tags":["x_refsource_CONFIRM"],"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-wrwr-h859-xh2r"}],"affected":[{"vendor":"n8n-io","product":"n8n","versions":[{"version":"< 1.123.43","status":"affected"},{"version":">= 2.0.0-rc.0, < 2.20.7","status":"affected"},{"version":">= 2.21.0, < 2.21.1","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-06-23T15:54:17.298Z"},"descriptions":[{"lang":"en","value":"n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7."}],"source":{"advisory":"GHSA-wrwr-h859-xh2r","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-23T17:09:36.219871Z","id":"CVE-2026-44791","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-23T17:13:43.642Z"}}]}}