JustAppSec

Prototype pollution in n8n nodes can lead to RCE

1 min read · Published 25 Mar 2026 · Updated 25 Mar 2026 · Source: CVEProject (cvelistV5)

TL;DR — A critical prototype pollution bug in n8n node configuration can let authenticated workflow editors reach remote code execution on the n8n host.

What happened

n8n is an open-source workflow automation platform that connects apps/APIs via configurable nodes and executes workflows on a central server.

CVE-2026-33696 describes a prototype pollution issue in n8n’s XML and GSuiteAdmin nodes where a user who can create/modify workflows can supply crafted node parameters to write attacker-controlled values onto Object.prototype, which can then be leveraged to achieve remote code execution on the instance.

Severity is CVSS v4.0 9.4 (Critical). This is high-leverage risk in shared/self-hosted n8n deployments because “workflow editor” privileges are commonly delegated, and a single node-level bug can collapse the trust boundary into full server-side execution.

Who is impacted

  • n8n deployments where users have permission to create or modify workflows and can access the XML and/or GSuiteAdmin nodes.

  Component   Affected versions (per CVE record)   Fixed versions (per CVE record)
  n8n         < 1.123.27                           1.123.27
  n8n         >= 2.0.0-rc.0, < 2.13.3              2.13.3
  n8n         = 2.14.0                             2.14.1

What to do now

  • Follow vendor remediation guidance and apply a fixed release.

    "Users should upgrade to one of these versions or later to remediate the vulnerability."

  • If upgrading is not immediately possible, treat workflow editing as a high-risk permission and reduce exposure.

    "Limit workflow creation and editing permissions to fully trusted users only"

  • Consider temporarily removing the vulnerable node from runtime availability until patching completes.

    "disable the XML node by adding n8n-nodes-base.xml to the NODES_EXCLUDE environment variable."
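
As an added example (not code from the article or from the n8n project), the following script turns the version table and the NODES_EXCLUDE stop-gap above into two checks an operator can run: it flags whether a given n8n version falls inside the affected ranges from the CVE record and reports the release to move to, and it builds the NODES_EXCLUDE value with the XML node added. It assumes the JSON-array format that n8n's environment variable documentation uses for NODES_EXCLUDE; the version comparator is a minimal semver-style one written here, not a library.

```javascript
// Added example (not the article's or n8n's code): flag an n8n version that
// falls in CVE-2026-33696's affected ranges and build a NODES_EXCLUDE value.

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v.trim());
  if (!m) throw new Error(`unrecognised n8n version: ${v}`);
  return { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split('.') : null };
}
// Semver-style comparator (-1, 0, 1): a prerelease sorts before the release
// with the same core (2.0.0-rc.0 < 2.0.0); numeric identifiers compare numerically.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  if (!x.pre || !y.pre) return x.pre === y.pre ? 0 : (x.pre ? -1 : 1);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined || q === undefined) return p === undefined ? -1 : 1;
    const num = /^\d+$/.test(p) && /^\d+$/.test(q);
    const c = num ? Math.sign(+p - +q) : Math.sign(p.localeCompare(q));
    if (c !== 0) return c;
  }
  return 0;
}
// Affected ranges from the CVE record's table and the release closing each.
const AFFECTED = [
  { lo: null, hi: '1.123.27', fixed: '1.123.27' },
  { lo: '2.0.0-rc.0', hi: '2.13.3', fixed: '2.13.3' },
  { exact: '2.14.0', fixed: '2.14.1' },
];
// Returns the fixed version to upgrade to, or null if the version is unaffected.
function fixedVersionFor(version) {
  for (const r of AFFECTED) {
    if (r.exact) { if (compareVersions(version, r.exact) === 0) return r.fixed; continue; }
    const aboveLo = r.lo === null || compareVersions(version, r.lo) >= 0;
    if (aboveLo && compareVersions(version, r.hi) < 0) return r.fixed;
  }
  return null;
}
// Stop-gap from the advisory: NODES_EXCLUDE is a JSON array of node type names
// (assumed format, per n8n's env var docs); add the XML node without duplicating it.
function nodesExcludeWith(existing, nodeType = 'n8n-nodes-base.xml') {
  const list = existing ? JSON.parse(existing) : [];
  if (!list.includes(nodeType)) list.push(nodeType);
  return JSON.stringify(list);
}
```

Feed `fixedVersionFor` the version string your instance reports, and export the `nodesExcludeWith` result as NODES_EXCLUDE until the upgrade lands.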
