What Happened

An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes `Object.prototype` process-wide for the lifetime of the n8n server process, causing application-wide validation failures and rendering the n8n instance completely non-functional until restarted.
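The class of bug described above, as an added example that is not n8n's code: a caller-supplied name used as a key into a plain object reaches `Object.prototype`, and every object in the process then sees the injected property. The helper names and the row shape are assumptions made for illustration; the hardened variant rejects prototype-related keys and stores data in a `Map` of null-prototype objects.

```javascript
// Added illustration with hypothetical helper names; not n8n source code.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: a caller-controlled table name indexes a plain object.
// When table is '__proto__', byTable[table] resolves to Object.prototype,
// so the column assignment lands on the prototype shared by all objects.
function groupColumnsUnsafe(rows) {
  const byTable = {};
  for (const { table, column, value } of rows) {
    byTable[table] = byTable[table] || {};
    byTable[table][column] = value;
  }
  return byTable;
}

// Hardened pattern: validate identifiers, key by Map, and keep per-table
// data in objects that have no prototype chain to write through.
function groupColumnsSafe(rows) {
  const byTable = new Map();
  for (const { table, column, value } of rows) {
    for (const name of [table, column]) {
      if (typeof name !== 'string' || DANGEROUS_KEYS.has(name)) {
        throw new TypeError(`rejected identifier: ${JSON.stringify(name)}`);
      }
    }
    if (!byTable.has(table)) byTable.set(table, Object.create(null));
    byTable.get(table)[column] = value;
  }
  return byTable;
}

// Runs both helpers on constructed input and reports what an unrelated
// object observes. The injected property is removed again before returning.
function demonstrate() {
  const rows = [{ table: '__proto__', column: 'polluted', value: true }]; // constructed
  groupColumnsUnsafe(rows);
  const leaked = {}.polluted === true; // a fresh, unrelated object is affected
  delete Object.prototype.polluted;
  let rejected = false;
  try {
    groupColumnsSafe(rows);
  } catch (err) {
    rejected = err instanceof TypeError;
  }
  return { leaked, rejected, cleanAfter: {}.polluted === undefined };
}

console.log(demonstrate());
```

In a long-running server nothing performs the `delete` step, which is why the effect persists until the process is restarted.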

Who Is Affected

n8n instances running a version prior to 2.24.0 with the Microsoft SQL node enabled.

Severity & Impact

The vulnerability has a severity score of 7.2. Exploitation leaves the n8n instance non-functional until the server process is restarted.

Mitigation

Upgrade to n8n version 2.24.0 or later. As a temporary workaround, limit workflow creation and editing permissions to trusted users or disable the Microsoft SQL node.