Critical n8n Workflow Automation Flaws CVE-2026-42231 & CVE-2026-42232: Chained Prototype Pollution to Full RCE

Two prototype pollution vulnerabilities in n8n can be chained for full remote code execution with a CVSS 9.4 score. If your organization uses workflow automation, here's what you need to do now.

FyntraLink Team

Two critical prototype pollution vulnerabilities in n8n — the open-source workflow automation platform used by thousands of enterprises globally — can be chained together to achieve unauthenticated remote code execution with a CVSS 4.0 base score of 9.4. For Saudi financial institutions running n8n to automate compliance workflows, SOC alerting, or IT operations, the attack surface is immediate and the remediation window is closing fast.

What Is n8n and Why Should CISOs Care?

n8n is a popular open-source workflow automation tool that competes with Zapier and Microsoft Power Automate. It allows organizations to build automated workflows connecting hundreds of services — from Slack and email to databases, APIs, and internal systems. In the Saudi financial sector, n8n deployments have grown as institutions seek to automate GRC reporting, vulnerability scan orchestration, SOC ticket routing, and compliance evidence collection. The platform's self-hosted nature appeals to organizations subject to SAMA data residency requirements, but that same self-hosting model means patching responsibility falls squarely on internal teams.

CVE-2026-42231: Prototype Pollution via xml2js in Webhook Handlers

The first vulnerability, CVE-2026-42231, resides in how n8n processes incoming XML data through its webhook handler nodes. The platform uses the xml2js library to parse XML payloads submitted to webhook endpoints. Researchers discovered that a specially crafted XML payload can manipulate JavaScript object prototypes through the xml2js parsing logic. By injecting properties like __proto__ into the XML structure, an attacker can pollute the global Object prototype — effectively altering the behavior of every JavaScript object in the running n8n process. The attack requires no authentication if the target webhook is publicly exposed, which is the default configuration for many webhook-triggered workflows.

CVE-2026-42232: Prototype Pollution via XML Node Processing

The second flaw, CVE-2026-42232, targets the XML Node — a built-in n8n node used to transform and process XML data within workflows. Authenticated users with workflow creation or modification privileges can craft a workflow containing a malicious XML Node configuration that triggers global prototype pollution. While this vulnerability alone requires authentication, its real danger lies in how it chains with CVE-2026-42231. An attacker who achieves prototype pollution through the unauthenticated webhook vector (CVE-2026-42231) can leverage the polluted prototype to escalate into full remote code execution through the expression evaluation engine that powers n8n's node execution.

The Kill Chain: From XML Payload to Server Takeover

When chained, the attack sequence is devastatingly simple. First, the attacker identifies a publicly exposed n8n webhook endpoint — trivial using tools like Shodan or Censys. Second, they submit a crafted XML payload that pollutes the JavaScript Object prototype via CVE-2026-42231. Third, the polluted prototype contaminates the expression evaluation context that n8n uses to execute workflow logic. Fourth, the attacker triggers code execution within the Node.js runtime, achieving full command execution on the underlying server. The entire chain requires no credentials and no user interaction, is reachable over the network, and has low attack complexity, hence the CVSS 9.4 critical rating.

Impact on Saudi Financial Institutions and SAMA Compliance

The implications for SAMA-regulated entities are severe across multiple compliance dimensions. Under SAMA CSCC Domain 3 (Cybersecurity Operations and Technology), institutions are required to maintain hardened, patched systems with continuous vulnerability management. Running an unpatched n8n instance that processes financial data or connects to core banking APIs directly violates these controls. If an attacker exploits the chain to access backend databases, customer records, or internal APIs, the breach triggers PDPL (Personal Data Protection Law) notification obligations — including mandatory reporting to SDAIA within 72 hours. For institutions processing card data through n8n-automated workflows, PCI-DSS Requirement 6 (Develop and Maintain Secure Systems) mandates that critical vulnerabilities be patched within 30 days, though the active exploitation risk here warrants emergency patching within hours, not weeks.

The NCA Essential Cybersecurity Controls (ECC) further reinforce this urgency. ECC-1:3-1 requires organizations to apply security patches for critical vulnerabilities promptly, and ECC-2:2-1 mandates network segmentation that should prevent a compromised automation tool from pivoting to core financial systems. Organizations that deployed n8n without proper network isolation now face compounded risk.

Affected Versions and Patch Availability

The vulnerabilities affect all n8n versions prior to 1.123.32 (1.x branch), 2.17.4 (2.17.x branch), and 2.18.1 (2.18.x branch). The n8n team has released patched versions across all three branches. Organizations running n8n Cloud (the SaaS offering) have been automatically patched. Self-hosted deployments — which are common in regulated environments due to data sovereignty requirements — must be updated manually. There are no viable workarounds that fully mitigate the risk; disabling webhook nodes reduces the unauthenticated attack surface but does not address CVE-2026-42232 for authenticated attackers.

Recommendations and Immediate Actions

  1. Emergency patch: Update all n8n instances to version 1.123.32, 2.17.4, or 2.18.1 immediately. Treat this as a P0 change with expedited CAB approval given the CVSS 9.4 score and public exploit availability.
  2. Audit webhook exposure: Inventory all n8n webhook endpoints exposed to the internet. If any are publicly accessible without authentication, implement WAF rules or reverse proxy authentication as an interim control while patching is underway.
  3. Network segmentation review: Verify that n8n instances are deployed in isolated network segments with least-privilege access to backend systems. A compromised automation server should not have direct database access or administrative API credentials.
  4. Credential rotation: If your n8n instance was running an affected version with public webhook endpoints, assume compromise and rotate all credentials, API keys, and tokens stored in n8n's credential vault.
  5. Log analysis: Review n8n access logs and webhook invocation logs for suspicious XML payloads containing __proto__, constructor, or prototype strings — indicators of prototype pollution attempts.
  6. SAMA incident assessment: If evidence of exploitation is found, initiate your SAMA CSCC incident response procedures and evaluate PDPL notification requirements based on the data categories accessible through the compromised instance.
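The following is an added example (not n8n's code and not part of the original advisory) supporting the webhook-audit and log-analysis steps above: it flags the `__proto__`, `constructor` and `prototype` indicators in raw XML without parsing it, runs that check over constructed webhook log lines, and adds a runtime canary that reveals a polluted Object prototype. The log line format is an assumption made for this example; n8n's real log format is not shown on the page.

```javascript
// Added example, not n8n's code: detection helpers for the webhook-audit and
// log-review steps above. Log line format is constructed, not n8n's own.

// Names that map onto JavaScript prototype internals; the advisory lists
// these as indicators of prototype pollution attempts.
const POLLUTION_KEYS = ['__proto__', 'constructor', 'prototype'];

// Reports suspicious element or attribute names in raw XML text without
// parsing it, so the check itself cannot trigger the flaw it looks for.
function findPollutionIndicators(xmlText) {
  const hits = new Set();
  const tagRe = /<\/?\s*([A-Za-z_][\w.\-]*)/g;   // <name ...> and </name>
  const attrRe = /\s([A-Za-z_][\w.\-]*)\s*=/g;   // name="..."
  for (const re of [tagRe, attrRe]) {
    let m;
    while ((m = re.exec(xmlText)) !== null) {
      if (POLLUTION_KEYS.includes(m[1])) hits.add(m[1]);
    }
  }
  return [...hits];
}

// Constructed webhook log lines: "<time> POST <path> <raw xml body>".
const SAMPLE_LOG = [
  '2026-04-01T10:00:00Z POST /webhook/invoice <invoice><id>42</id></invoice>',
  '2026-04-01T10:00:05Z POST /webhook/invoice <invoice><__proto__><x>1</x></__proto__></invoice>',
  '2026-04-01T10:00:09Z POST /webhook/alert <alert constructor="y"><msg>hi</msg></alert>',
];

// Returns only the log entries whose XML body carries pollution indicators.
function scanWebhookLog(lines) {
  return lines
    .map((line) => {
      const start = line.indexOf('<');
      const body = start === -1 ? '' : line.slice(start);
      return { line, indicators: findPollutionIndicators(body) };
    })
    .filter((entry) => entry.indicators.length > 0);
}

// Runtime canary: a fresh object should inherit no enumerable keys. If a
// parser has polluted Object.prototype, the foreign keys show up here.
function inheritedKeys(obj = {}) {
  const keys = [];
  for (const k in obj) {
    if (!Object.prototype.hasOwnProperty.call(obj, k)) keys.push(k);
  }
  return keys;
}
```

Running `inheritedKeys()` periodically (or after each webhook execution) in a healthy process returns an empty list; any key it reports is evidence that something in the process has written to the global prototype.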

Conclusion

The n8n prototype pollution chain is a textbook example of why workflow automation platforms deserve the same security scrutiny as any internet-facing application. These tools often accumulate privileged access to dozens of internal systems — databases, email servers, cloud APIs, ticketing systems — making them high-value targets for attackers. A single unpatched n8n instance with a public webhook can become the entry point to your entire operational infrastructure. Patch now, audit your exposure, and ensure your automation stack is included in your continuous vulnerability management program.

Is your organization prepared? Contact Fyntralink for a complimentary SAMA Cyber Maturity Assessment and discover how we help Saudi financial institutions secure their automation infrastructure against emerging threats.