An authenticated remote code execution vulnerability exists in n8n due to insecure prototype pollution, requiring immediate updates to protected versions.

The vulnerability exists in the HTTP Request node, where unvalidated pagination parameters allow an authenticated user with workflow modification permissions to perform global prototype pollution. This can be chained to achieve arbitrary remote code execution on the underlying host.

The CVSS score of 9.4 reflects the severity of achieving remote code execution. An attacker who has gained low-privileged access to the platform can escalate their privileges to take full control of the workflow automation instance, potentially accessing integrated services and sensitive data across the enterprise.

Immediate Action: Update n8n to version 1.123.43, 2.22.1, 2.20.7, or later to address the prototype pollution vector.

Proactive Monitoring: Monitor workflow modification logs for suspicious activity and review system execution logs for unexpected child processes or unusual shell commands.

Compensating Controls: Enforce strict role-based access control (RBAC) to limit which users can create or modify workflows until the patch can be applied.

Public Exploit Available: No

The severity of this flaw necessitates an immediate update to the latest patched versions. Security teams should prioritize patching this instance to prevent authenticated users from escalating their privileges and compromising the integrity of the automation platform.