CVE-2026-59206
Undergoing Analysis Undergoing Analysis - In Progress

Prototype Pollution in n8n Workflow Automation

Vulnerability report for CVE-2026-59206, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: GitHub, Inc.

Description

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated requests to be treated as a privileged user and exposing user and project listing endpoints. This issue is fixed in versions 1.123.61, 2.27.4, and 2.28.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.61 (exc)
n8n n8n From 2.0.0 (inc) to 2.27.4 (exc)
n8n n8n 2.28.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1321 The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-59206 is a Prototype Pollution vulnerability in the open-source workflow automation platform n8n. It affects versions prior to 1.123.61, 2.27.4, and 2.28.1. An authenticated user with the default workflow:create permission can craft a workflow that pollutes the Object.prototype when saved, updated, or imported via the workflow API.

This pollution allows unauthenticated requests to be treated as privileged users, exposing sensitive endpoints such as user and project listings.

Impact Analysis

This vulnerability can lead to authentication bypass, allowing unauthenticated attackers to gain privileged access.

  • Exposure of sensitive information including personal data such as emails, user roles, and MFA status.
  • Disclosure of all projects on the n8n instance to unauthorized users.
  • Pollution of the global state which may cause parts of the instance to become unresponsive until a restart.
Compliance Impact

This vulnerability allows unauthenticated attackers to gain privileged access to user and project listing endpoints, potentially exposing personal data such as emails, roles, and MFA status. Such unauthorized disclosure of personal data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive information.

Additionally, the corruption of global state causing parts of the instance to become unresponsive could impact the availability and integrity of data, which are also important aspects of compliance with these standards.

Mitigations such as patching to fixed versions or restricting workflow creation permissions to trusted users and limiting network access are necessary to maintain compliance.

Detection Guidance

This vulnerability involves prototype pollution via crafted workflows saved, updated, or imported through the workflow API by an authenticated user with workflow:create permission. Detection would involve monitoring for unusual or unauthorized workflow creation or modification activities, especially those that could manipulate Object.prototype.

Since the vulnerability allows unauthenticated requests to be treated as privileged users, monitoring for unexpected access to user and project listing endpoints by unauthenticated clients could indicate exploitation.

No specific detection commands are provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include upgrading n8n to a fixed version: 1.123.61, 2.27.4, or 2.28.1 or later.

As a temporary mitigation, restrict workflow creation permissions to trusted users only.

Additionally, limit network access to the n8n instance to prevent unauthorized access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59206. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart