Full Report
n8n security advisory (AV26-379)
Analysis Summary
# Vulnerability: Multiple Security Flaws in n8n (AV26-379)
## CVE Details
*Note: The specific CVE identifiers were not detailed in the summary advisory. Based on the components listed, these address several distinct critical vulnerabilities.*
- **CVE ID:** Pending/Multiple (Refer to vendor security page)
- **CVSS Score:** Up to 10.0 (Critical)
- **CWE:** CWE-1321 (Prototype Pollution), CWE-89 (SQL Injection), CWE-94 (Code Injection)
## Affected Systems
- **Products:** n8n (Workflow Automation Tool)
- **Versions:** Multiple versions prior to the April 2026 security release.
- **Configurations:** Systems utilizing the following modules are at highest risk:
  - MCP Client Registration / OAuth Client
  - XML Node and XML Webhooks
  - SQL Mode of Merge Node
  - Python Task Runner
  - Dynamic-node-parameters
## Vulnerability Description
This advisory covers a cluster of vulnerabilities across different n8n functional areas:
1. **Prototype Pollution (XML Node):** Improper handling of XML objects can allow an attacker to inject properties into the global object prototype, leading to Denial of Service (DoS) or Remote Code Execution (RCE).
2. **Code/Task Injection (Python Task Runner):** Potential for escape from the sandbox environment during Python script execution.
3. **SQL Injection (SQL Mode of Merge Node):** Insufficient sanitization in the "Merge" node when performing SQL operations.
4. **Auth/API Flaws:** Flaws in the Model Context Protocol (MCP) registration and OAuth client handling that could lead to unauthorized access or credential exposure.
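The prototype-pollution item above hinges on one mechanism: a parser that turns element names into object keys can emit keys such as `__proto__` or `constructor`, and a recursive merge of that object into workflow data then writes into `Object.prototype`. The following guard is an added example written for this report, not n8n code; it assumes a parsed tree in plain-object form (the sample is constructed inline to stand in for parser output) and shows how to find, strip, and safely merge such input.

```javascript
// Added example (not n8n code): detect and neutralise prototype-polluting keys in
// an object tree produced by an XML-to-object parser before it is merged into
// workflow data (CWE-1321).
const POLLUTING_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Return the dotted path of every polluting key found anywhere in the tree.
function findPollutingKeys(node, path = '', out = []) {
  if (node === null || typeof node !== 'object') return out;
  for (const key of Object.keys(node)) {          // own keys only, arrays included
    const here = path ? `${path}.${key}` : key;
    if (POLLUTING_KEYS.has(key)) out.push(here);
    findPollutingKeys(node[key], here, out);
  }
  return out;
}

// Deep-copy the tree without polluting keys. Copies are prototype-less objects, so a
// later write through any remaining key can never reach Object.prototype.
function stripPollutingKeys(node) {
  if (Array.isArray(node)) return node.map(stripPollutingKeys);
  if (node === null || typeof node !== 'object') return node;
  const clean = Object.create(null);
  for (const key of Object.keys(node)) {
    if (!POLLUTING_KEYS.has(key)) clean[key] = stripPollutingKeys(node[key]);
  }
  return clean;
}

// Merge parsed input into a target only after stripping, and only through own
// properties of the target (never through inherited ones).
function safeMerge(target, source) {
  const src = stripPollutingKeys(source);
  for (const key of Object.keys(src)) {
    const val = src[key];
    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Constructed sample: the shape a permissive XML-to-object conversion could yield
// from hostile element names. JSON.parse is used because it creates a real own
// property named "__proto__" rather than setting the prototype.
const SAMPLE = JSON.parse(
  '{"order":{"id":"42","__proto__":{"isAdmin":true},' +
  '"items":[{"constructor":{"prototype":{"x":1}}}]}}'
);
```

`findPollutingKeys` is the detection half (log and reject), `stripPollutingKeys` plus `safeMerge` the mitigation half; after merging the sample, `({}).isAdmin` is still `undefined`.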
## Exploitation
- **Status:** PoC availability likely (standard vectors for Prototype Pollution and SQLi exist for these nodes).
- **Complexity:** Low to Medium
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Data exfiltration via SQLi and Webhooks)
- **Integrity:** High (Modification of workflows and system files)
- **Availability:** High (System crashes via Prototype Pollution)
## Remediation
### Patches
Users are advised to update their n8n instances to the latest available versions immediately.
- Refer to the official n8n repository for version-specific fixes: **hXXps[://]github[.]com/n8n-io/n8n/security**
### Workarounds
- Disable the **Python Task Runner** node if not strictly necessary.
- Restrict access to the n8n UI and Webhook endpoints using IP allowlisting or VPNs.
- Disable the **SQL Mode** in Merge nodes where possible.
## Detection
- **Indicators of Compromise:** Unusual outbound network traffic from the n8n host, unexpected changes to workflow JSON definitions, or unauthorized user accounts in the n8n database.
- **Detection methods:** Audit n8n logs for unusual `eval()` calls or unexpected SQL syntax errors in the Merge node logs.
## References
- n8n Security Advisories: hXXps[://]github[.]com/n8n-io/n8n/security
- Canadian Centre for Cyber Security (AV26-379): hXXps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/n8n-security-advisory-av26-379