A critical authentication bypass in the n8n XML node allows authenticated users to achieve Remote Code Execution on the host server by chaining vulnerable operations.

This vulnerability is an authentication bypass that invalidates a previous security patch for the XML node. By crafting specific workflows, an authenticated attacker can execute arbitrary code on the n8n host, circumventing existing functional restrictions.

The potential for Remote Code Execution carries the highest level of risk, as it grants an attacker full control over the application server. With a CVSS score of 9.4, this vulnerability could lead to total data breaches, lateral movement into internal networks, and permanent loss of system integrity.

Immediate Action: Upgrade to version 1.123.43, 2.22.1, or 2.20.7 to restore security protections for the XML node.

Proactive Monitoring: Monitor for anomalous process execution or unexpected outbound network connections originating from the n8n container or host.

Compensating Controls: Use a Web Application Firewall (WAF) to inspect incoming XML payloads for malicious patterns, though patching remains the only reliable mitigation.

Public Exploit Available: No

This vulnerability is highly severe because it allows for full system compromise via Remote Code Execution. Administrators must treat this as an emergency update; ensure all instances of n8n are updated to the specified versions immediately to prevent unauthorized code execution.