CYBERHAWK / CVE / CVE-2026-42231

CVE-2026-42231

n8n

HIGH CVSS 8.8 vibe oss

The flaw

Prototype pollution via xml2js in webhook handler enables remote code execution when chained with Git node.

What to do

Update n8n to version 1.123.32, 2.17.4, or 2.18.1

▸ Scan my repo for CVE-2026-42231

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

In the news

n8n: From Parsing Bug to Remote Code Execution aka CVE-2026-42231DeXpose · 2026-05-05
Warning: Critical vulnerabilities in n8n, Patch Immediately!Centre for Cybersecurity Belgium · 2026-05-05
"www82 xnet – Acesse 58h58.com.pie" - Results on X | Live Posts & Updatesx.com · 2026-05-09

First seen 2026-05-08 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits