PT-2026-28079 · N8N · N8N

Published 2026-03-25 · Updated 2026-03-27 · CVE-2026-33696

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

n8n versions prior to 2.14.1
n8n versions prior to 2.13.3
n8n versions prior to 1.123.27

Description

n8n is a workflow automation platform susceptible to a prototype pollution issue in the XML and GSuiteAdmin nodes. An authenticated user with workflow creation or modification permissions can exploit this by supplying crafted parameters during node configuration, allowing them to write attacker-controlled values onto Object.prototype. This prototype pollution can potentially lead to remote code execution on the n8n instance.

Recommendations

Upgrade to n8n version 2.14.1 or later.
Upgrade to n8n version 2.13.3 or later.
Upgrade to n8n version 1.123.27 or later.
If upgrading is not immediately possible, limit workflow creation and editing permissions to fully trusted users only.
If upgrading is not immediately possible, disable the XML node by adding n8n-nodes-base.xml to the NODES_EXCLUDE environment variable.
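For the interim mitigations above, the following added example (not n8n's code and not part of the advisory) audits an exported workflow array for the affected node types and for parameter names commonly associated with prototype pollution, and checks whether NODES_EXCLUDE lists the XML node. Assumptions: the export is an array of objects with name and nodes[].type/parameters, the GSuiteAdmin node type is n8n-nodes-base.gSuiteAdmin, NODES_EXCLUDE holds a JSON array string, and the key scan is a generic heuristic because the advisory does not describe the crafted parameters.

```javascript
// Added example, not n8n code. Only 'n8n-nodes-base.xml' is named in the advisory.
const AFFECTED_TYPES = new Set([
  'n8n-nodes-base.xml',
  'n8n-nodes-base.gSuiteAdmin', // assumed type name for the GSuiteAdmin node
]);
// Generic heuristic: names that can reach Object.prototype as keys or path segments.
const POLLUTION_KEYS = /(^|[.\[\]"'])(__proto__|constructor|prototype)($|[.\[\]"'])/;

// Collect parameter paths where such a name appears as a key or in a string value.
function findSuspectPaths(value, path = 'parameters', hits = []) {
  if (typeof value === 'string') {
    if (POLLUTION_KEYS.test(value)) hits.push(path);
  } else if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      if (POLLUTION_KEYS.test(key)) hits.push(`${path}.${key}`);
      findSuspectPaths(value[key], `${path}.${key}`, hits);
    }
  }
  return hits;
}

// List every node that is of an affected type or carries a suspect parameter path.
function auditWorkflows(workflows) {
  const findings = [];
  for (const wf of workflows) {
    for (const node of wf.nodes || []) {
      const affected = AFFECTED_TYPES.has(node.type);
      const suspect = findSuspectPaths(node.parameters || {});
      if (affected || suspect.length) {
        findings.push({ workflow: wf.name, node: node.name, type: node.type, affected, suspect });
      }
    }
  }
  return findings;
}

// True when the NODES_EXCLUDE value (assumed JSON array string) lists the XML node.
function xmlNodeExcluded(envValue) {
  try {
    const list = JSON.parse(envValue || '[]');
    return Array.isArray(list) && list.includes('n8n-nodes-base.xml');
  } catch { return false; }
}

// Constructed sample export, parsed from text so "__proto__" stays an own key.
const SAMPLE = JSON.parse(`[
  {"name":"invoice-import","nodes":[
    {"name":"XML","type":"n8n-nodes-base.xml","parameters":{"mode":"xmlToJson","options":{}}},
    {"name":"Set","type":"n8n-nodes-base.set","parameters":{"values":{}}}]},
  {"name":"user-sync","nodes":[{"name":"Admin","type":"n8n-nodes-base.gSuiteAdmin",
    "parameters":{"options":{"__proto__":{"flag":"x"}}}}]}
]`);
console.log(JSON.stringify(auditWorkflows(SAMPLE), null, 2));
console.log('XML node excluded:', xmlNodeExcluded(process.env.NODES_EXCLUDE));
```

Workflows reported with affected set to true will stop working once the XML node is excluded, so the list doubles as an impact check before applying the workaround.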

Exploit

Fix

RCE

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2026-33696
GHSA-MXRG-77HM-89HV

Affected Products

N8N