Warning: Critical vulnerabilities in n8n, Patch Immediately!

Published: 05/05/2026

Last update: 05/05/2026

Affected software: < 1.123.32, < 2.17.4, < 2.18.1

Type: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVE/CVSS:
CVE-2026-42231: CVSS 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L)
CVE-2026-42232: CVSS 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Source

GitHub Advisory - CVE-2026-42231
GitHub Advisory - CVE-2026-42232

Risk

Multiple critical vulnerabilities have been discovered in n8n, a widely used workflow automation tool. These vulnerabilities, identified as CVE-2026-42231 and CVE-2026-42232, involve Prototype Pollution flaws that can be escalated to Remote Code Execution (RCE) on the n8n host. This has a high impact on Confidentiality, Integrity and Availability.

Users are strongly advised to apply the available security updates immediately.

Description

CVE-2026-42231 (CVSS 9.4)

This vulnerability targets the webhook infrastructure of n8n. Due to the insecure processing of incoming XML payloads by a backend parsing library, an attacker can inject malicious properties into the global object prototype. An authenticated user with workflow editing rights can weaponize this condition by routing the polluted data through the Git node's SSH functions, ultimately executing unauthorized commands directly on the underlying host server.

CVE-2026-42232 (CVSS 9.4)

This flaw presents a similar attack vector but originates directly from the XML Node component. It permits an authenticated user to deliberately pollute the global prototype chain during the creation or modification of a workflow. If this compromised state is subsequently chained with other susceptible workflow nodes, it provides the attacker with an alternative pathway to achieve Remote Code Execution (RCE).
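Both CVEs rest on the same mechanism: parsed input is walked key by key into application objects, and a key named __proto__ (or constructor/prototype) lands on the shared Object.prototype. The following is an added illustration, not code from n8n or from the parsing library the advisory refers to; the hostile payload is constructed with JSON.parse to stand in for a parser that maps element names to object keys without filtering, and the naiveMerge, safeMerge and findDangerousKeys functions are hypothetical names chosen for this example. It shows why a naive deep merge is dangerous, a hardened merge that refuses the dangerous keys, and a walker that flags such keys in a parsed document so the event can be logged before anything is merged.

```javascript
// Added example (not n8n code, not the advisory's own material).
// Demonstrates prototype pollution through a recursive merge of parsed
// input, the hardened variant, and a detection walk over parsed data.

const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive deep merge: follows every key, including "__proto__". Reading
// target["__proto__"] on a plain object yields Object.prototype, so the
// recursion writes straight onto the shared prototype.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      if (typeof target[key] !== 'object' || target[key] === null) {
        target[key] = {};
      }
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: rejects the keys that reach the prototype chain and only
// recurses into own properties, creating prototype-less containers so a
// later lookup can never fall through to Object.prototype.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (DANGEROUS_KEYS.has(key)) {
      throw new Error(`refusing to merge dangerous key: ${key}`);
    }
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : null;
      if (typeof own !== 'object' || own === null) {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Detection walk: returns the dotted paths of every dangerous key found in a
// parsed document, so a gateway can log and drop the payload before merging.
function findDangerousKeys(obj, path = [], found = []) {
  if (!obj || typeof obj !== 'object') return found;
  for (const key of Object.keys(obj)) {
    const here = [...path, key];
    if (DANGEROUS_KEYS.has(key)) found.push(here.join('.'));
    findDangerousKeys(obj[key], here, found);
  }
  return found;
}

// Constructed payload: JSON.parse creates an own property literally named
// "__proto__", which is what an unfiltered element-to-key mapping would do.
function demonstratePollution() {
  const hostile = JSON.parse('{"__proto__":{"polluted":true}}');
  naiveMerge({}, hostile);
  const leaked = ({}).polluted === true; // every object now sees the property
  delete Object.prototype.polluted;      // undo so the rest of the process is clean
  return leaked;
}

// Same payload through the hardened path: merge is refused, prototype untouched.
function demonstrateHardened() {
  const hostile = JSON.parse('{"__proto__":{"polluted":true},"name":"order"}');
  let refused = false;
  try {
    safeMerge({}, hostile);
  } catch (e) {
    refused = true;
  }
  return { refused, prototypeClean: ({}).polluted === undefined };
}

console.log('naive merge leaks:', demonstratePollution());
console.log('hardened merge:', demonstrateHardened());
console.log('flagged keys:', findDangerousKeys(JSON.parse('{"a":{"constructor":{"prototype":{}}}}')));
```

The detection walk is the piece worth wiring into an ingress point: it costs one pass over the document and gives a concrete, loggable signal (the key path) rather than a silent mutation of process-wide state.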

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
The issues have been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1 and later.
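To check an inventory of n8n instances against the fixed versions above, the following is an added example (not from the advisory or from the n8n project). It assumes the three fixed releases are per-branch thresholds, so 1.x is compared against 1.123.32, 2.17.x against 2.17.4, and 2.18.x against 2.18.1; a 2.x release below 2.17 is treated as needing the earliest 2.x fix, and a major version the advisory does not name is reported as not covered. The isAffected, parseVersion and compareVersions names are chosen for this example.

```javascript
// Added example (not from the advisory or n8n): compare an installed n8n
// version with the fixed versions the advisory names.
const FIXED_VERSIONS = ['1.123.32', '2.17.4', '2.18.1']; // from the advisory

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { affected, fixedIn } for one installed version string.
function isAffected(installed) {
  const inst = parseVersion(installed);
  const fixes = FIXED_VERSIONS.map(parseVersion).filter((f) => f[0] === inst[0]);
  if (fixes.length === 0) {
    return { affected: false, fixedIn: null, note: 'major version not named by the advisory' };
  }
  // Assumption: the fix on the same (or closest lower) minor branch applies;
  // if the installed minor predates every fixed branch, the earliest fix does.
  const sameOrLower = fixes.filter((f) => f[1] <= inst[1]).sort((a, b) => b[1] - a[1]);
  const target = sameOrLower.length ? sameOrLower[0] : fixes.sort((a, b) => a[1] - b[1])[0];
  return { affected: compareVersions(inst, target) < 0, fixedIn: target.join('.') };
}

// Constructed sample inventory, as a host-to-version map.
const INVENTORY = { 'n8n-prod-01': '1.123.31', 'n8n-prod-02': '2.17.5', 'n8n-dev': '2.18.0' };

function affectedHosts(inventory) {
  return Object.entries(inventory)
    .map(([host, version]) => ({ host, version, ...isAffected(version) }))
    .filter((r) => r.affected);
}

for (const r of affectedHosts(INVENTORY)) {
  console.log(`${r.host} runs ${r.version}: affected, upgrade to ${r.fixedIn}`);
}
```
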

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References