
CVE-2026-42231 - n8n XML webhook prototype pollution RCE

A webhook request carrying crafted XML can abuse n8n’s XML webhook body parser to pollute the JavaScript object prototype. In vulnerable deployments, an attacker who can also create or modify workflows can chain that polluted prototype through the Git node’s SSH handling and reach remote code execution on the n8n host.

This is a server/runtime deployment issue for n8n itself. Repositories that only call an external n8n instance through an API client are not directly patching this CVE, but they may need to route the finding to the owner of the n8n deployment.

Affected versions

  • Vulnerable: n8n <1.123.32
  • Vulnerable: n8n >=2.17.0, <2.17.4
  • Vulnerable: n8n >=2.18.0, <2.18.1
  • Fixed: n8n 1.123.32, 2.17.4, 2.18.1, or later on the selected release line

Indicator-of-exposure

  • The repository deploys or packages the n8n server, not only an n8n client, SDK, workflow export, or integration.
  • A deployable n8n runtime resolves to one of the affected versions through npm, Docker images, Helm charts, compose files, Terraform, Ansible, or other release manifests.
  • n8n webhook endpoints are reachable by untrusted users or by workflows that process untrusted XML request bodies.
  • Non-fully-trusted users can create or modify workflows, especially workflows containing webhook, XML, Git, SSH, command, or file-system-capable nodes.

Quick checks:

rg -n "n8n|N8N_VERSION|n8nio/n8n|NODES_EXCLUDE|webhook|xml|git" .
npm ls n8n
pnpm why n8n
yarn why n8n
docker image ls | rg 'n8n|n8nio'
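The quick checks above only surface version strings; deciding which of them fall inside the affected ranges, and which patched release they should move to, is the step most likely to go wrong across mixed 1.x and 2.x deployments. The Node.js script below is an added example, not code from the n8n project or from this page: it classifies version references (npm versions, Docker tags, package.json entries) against the ranges listed above and names the fixed version on the same release line. The regular expressions for Docker image references and package.json entries, and the sample compose and package.json text, are constructed for illustration and cover only those two manifest shapes.

```javascript
// Added example, not code from the n8n project: classify n8n version references
// against the CVE-2026-42231 affected ranges and name the fixed release on the
// same line. Plain Node.js, no dependencies.

const FIX_1X = [1, 123, 32];                     // fixed: 1.123.32
const VULN_2_17 = { lo: [2, 17, 0], hi: [2, 17, 4] }; // fixed: 2.17.4
const VULN_2_18 = { lo: [2, 18, 0], hi: [2, 18, 1] }; // fixed: 2.18.1

// Extract [major, minor, patch] from "1.120.4", "n8nio/n8n:2.17.2" or
// "2.17.2-debian". Floating tags ("latest", "next") carry no version and
// return null: they must be pinned before they can be judged.
function parseVersion(ref) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(String(ref));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function inRange(v, { lo, hi }) {
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Returns { ref, status, line, upgradeTo? }. status is "vulnerable", "fixed",
// "unpinned", or "unlisted" for 2.0.0 through 2.16.x, which the advisory text
// does not name either way and which therefore needs a manual look.
function classify(ref) {
  const v = parseVersion(ref);
  if (!v) return { ref, status: "unpinned", line: "n/a", upgradeTo: "an explicit patched tag or digest" };
  if (cmp(v, FIX_1X) < 0) return { ref, status: "vulnerable", line: "1.x or earlier", upgradeTo: "1.123.32" };
  if (v[0] === 1) return { ref, status: "fixed", line: "1.x" };
  if (inRange(v, VULN_2_17)) return { ref, status: "vulnerable", line: "2.17.x", upgradeTo: "2.17.4" };
  if (inRange(v, VULN_2_18)) return { ref, status: "vulnerable", line: "2.18.x", upgradeTo: "2.18.1" };
  if (v[0] === 2 && cmp(v, VULN_2_17.lo) < 0) return { ref, status: "unlisted", line: "2.x before 2.17" };
  return { ref, status: "fixed", line: `${v[0]}.${v[1]}.x` };
}

// Pull n8n references out of deployment text. Two shapes are handled (assumed
// conventions): Docker image references as found in compose files, Kubernetes
// manifests and Helm values, and a package.json dependency entry. A package.json
// range such as "^1.120.0" is only a declared constraint; the lockfile decides
// what actually resolves, so check it as well.
const REF_PATTERNS = [
  /n8nio\/n8n:([\w.\-]+)/g,
  /"n8n"\s*:\s*"([^"]+)"/g,
];

function findRefs(text) {
  const refs = [];
  for (const re of REF_PATTERNS) {
    for (const m of text.matchAll(re)) refs.push(m[1]);
  }
  return refs;
}

function auditText(text) {
  return findRefs(text).map(classify);
}

// Constructed sample inputs, not taken from any real repository.
const SAMPLE_COMPOSE = `
services:
  n8n:
    image: n8nio/n8n:1.120.4
  n8n-worker:
    image: n8nio/n8n:latest
`;
const SAMPLE_PACKAGE_JSON = `{ "dependencies": { "n8n": "2.17.2" } }`;

for (const r of [...auditText(SAMPLE_COMPOSE), ...auditText(SAMPLE_PACKAGE_JSON)]) {
  const fix = r.upgradeTo ? ` -> upgrade to ${r.upgradeTo}` : "";
  console.log(`${r.ref.padEnd(10)} ${r.status.padEnd(10)} ${r.line}${fix}`);
}
```

Run it against the concatenated output of the quick checks, or point `auditText` at each manifest in turn; an `unpinned` result is itself a finding, since a floating tag cannot be shown to be patched.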

Remediation strategy

  • Upgrade every controlled n8n runtime to 1.123.32+, 2.17.4+, or 2.18.1+ on the repository’s selected release line.
  • Regenerate lockfiles, deployment manifests, SBOMs, and image references so the resolved runtime is patched, not only the declared manifest.
  • Until the upgrade is deployed, limit workflow creation and editing to fully trusted administrators. Treat this as temporary containment only.
  • Review workflows that combine webhook/XML processing with Git, SSH, shell, file-system, or other host-interacting nodes.
  • Rotate credentials exposed to vulnerable workflows if exploitation is suspected, especially SSH keys, Git credentials, n8n credentials, and secrets stored in workflow-accessible environments.
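Reviewing workflows for webhook-to-host chains by hand stops scaling after a handful of exports. The script below is an added example, not n8n project code: it walks the `connections` graph of an exported n8n workflow (the JSON shape n8n produces on export) and reports every webhook node from which a Git, SSH, Execute Command, Code or file node is reachable. The `n8n-nodes-base.*` type identifiers are assumptions drawn from the n8n node package and should be confirmed against the instance's own node list; the sample workflows are constructed. Because the vulnerable parser is the webhook node's own XML body handling, a chain is reported whether or not an XML node sits on the path; the `xmlNodeOnPath` flag is context for the operator runbook, not a filter.

```javascript
// Added example, not code from the n8n project: find webhook -> host-interacting
// node chains in an exported n8n workflow by walking its connections graph.

// Node type identifiers (assumed n8n-nodes-base names; confirm against the instance).
const ENTRY_TYPES = new Set(["n8n-nodes-base.webhook"]);
const XML_TYPES = new Set(["n8n-nodes-base.xml"]);
const HOST_TYPES = new Set([
  "n8n-nodes-base.git",
  "n8n-nodes-base.ssh",
  "n8n-nodes-base.executeCommand",
  "n8n-nodes-base.code",
  "n8n-nodes-base.readWriteFile",
]);

// n8n stores edges as connections[sourceName][kind] = [[{node, type, index}], ...],
// one inner array per output. Collect every downstream node name across all kinds.
function successors(workflow, nodeName) {
  const out = (workflow.connections || {})[nodeName] || {};
  const next = [];
  for (const outputs of Object.values(out)) {
    for (const branch of outputs || []) {
      for (const edge of branch || []) next.push(edge.node);
    }
  }
  return next;
}

// Breadth-first search from every enabled webhook node. Each reachable
// host-interacting node yields one finding with the full path, so the reviewer
// can see which intermediate nodes (Set, IF, XML, ...) the data flows through.
function findRiskyChains(workflow) {
  const byName = new Map((workflow.nodes || []).map((n) => [n.name, n]));
  const findings = [];
  for (const start of workflow.nodes || []) {
    if (!ENTRY_TYPES.has(start.type) || start.disabled) continue;
    const seen = new Set([start.name]);
    const queue = [[start.name]];
    while (queue.length) {
      const path = queue.shift();
      const last = path[path.length - 1];
      const here = byName.get(last);
      if (here && HOST_TYPES.has(here.type)) {
        findings.push({
          workflow: workflow.name,
          webhook: start.name,
          hostNode: here.name,
          hostType: here.type,
          path,
          xmlNodeOnPath: path.some((n) => XML_TYPES.has((byName.get(n) || {}).type)),
        });
      }
      for (const next of successors(workflow, last)) {
        if (!seen.has(next)) {
          seen.add(next);
          queue.push([...path, next]);
        }
      }
    }
  }
  return findings;
}

// Constructed sample exports, not real workflows.
const SAMPLE_WORKFLOW = {
  name: "deploy-on-webhook (constructed)",
  nodes: [
    { name: "Webhook", type: "n8n-nodes-base.webhook", parameters: { path: "deploy", httpMethod: "POST" } },
    { name: "XML", type: "n8n-nodes-base.xml", parameters: {} },
    { name: "Set", type: "n8n-nodes-base.set", parameters: {} },
    { name: "Git", type: "n8n-nodes-base.git", parameters: { operation: "clone" } },
    { name: "Slack", type: "n8n-nodes-base.slack", parameters: {} },
  ],
  connections: {
    Webhook: { main: [[{ node: "XML", type: "main", index: 0 }]] },
    XML: { main: [[{ node: "Set", type: "main", index: 0 }]] },
    Set: { main: [[{ node: "Git", type: "main", index: 0 }, { node: "Slack", type: "main", index: 0 }]] },
  },
};
const SAFE_WORKFLOW = {
  name: "notify-only (constructed)",
  nodes: [
    { name: "Webhook", type: "n8n-nodes-base.webhook", parameters: { path: "ping", httpMethod: "POST" } },
    { name: "Slack", type: "n8n-nodes-base.slack", parameters: {} },
  ],
  connections: { Webhook: { main: [[{ node: "Slack", type: "main", index: 0 }]] } },
};

for (const f of [...findRiskyChains(SAMPLE_WORKFLOW), ...findRiskyChains(SAFE_WORKFLOW)]) {
  console.log(`${f.workflow}: ${f.path.join(" -> ")} (${f.hostType}, xml node on path: ${f.xmlNodeOnPath})`);
}
```

Feed it every workflow export in the repository (and, where access allows, a fresh export from the running instance, since fixtures can lag behind what is deployed). Each finding maps directly to the "risky XML-to-Git/SSH/host-interacting workflow chains" line the operator runbook has to answer.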

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-42231 (n8n XML webhook prototype pollution leading
to RCE). Produce exactly one output:

- A reviewer-ready PR/change request that upgrades n8n, preserves the intended
  release line, adds deployment/operator checks, and documents short-term
  containment, or
- TRIAGE.md if this repository does not own an affected n8n runtime or safe
  patch path.

## Rules

- Scope only CVE-2026-42231.
- Distinguish n8n server deployments from n8n API clients, SDK wrappers,
  workflow exports, or documentation.
- Do not execute proof-of-concept payloads, Git-node SSH operations, shell
  commands, or webhook calls against production n8n instances.
- Do not print, snapshot, or commit n8n credentials, webhook tokens, SSH keys,
  Git credentials, workflow secrets, cookies, or environment secrets.
- Do not auto-merge.

## Steps

1. Inventory all n8n runtime references in package manifests, lockfiles,
   Dockerfiles, compose files, Helm values, Kubernetes manifests, Terraform,
   Ansible, release scripts, SBOMs, generated dependency manifests, and
   deployment runbooks.
2. Determine whether any deployable n8n runtime resolves to:
   - `n8n <1.123.32`;
   - `n8n >=2.17.0, <2.17.4`;
   - `n8n >=2.18.0, <2.18.1`.
3. If the repository only calls an externally owned n8n service, stop with
   `TRIAGE.md` naming the owning service, the evidence found, and the required
   patched versions.
4. Upgrade the vulnerable runtime on its existing release line:
   - `1.x` deployments to `1.123.32+`;
   - `2.17.x` deployments to `2.17.4+`;
   - `2.18.x` deployments to `2.18.1+`;
   - floating tags to an explicit patched tag or digest.
5. Regenerate the repository's normal dependency and deployment artifacts:
   lockfiles, rendered Helm/Kubernetes manifests, container metadata, SBOMs,
   image digests, and generated dependency reports.
6. Search workflows and configuration for XML webhooks and host-interacting
   follow-on nodes:
   - webhook nodes accepting XML request bodies;
   - XML node usage near webhook input;
   - Git, SSH, command, file-system, code, or execute-command nodes;
   - workflow author roles or tenant settings that allow untrusted editing.
7. Add a short operator runbook or PR body section named
   `CVE-2026-42231 operator actions` that states:
   - which n8n version line was upgraded;
   - whether workflow creation/editing is limited to trusted users until
     rollout completes;
   - whether XML webhook workflows exist;
   - whether risky XML-to-Git/SSH/host-interacting workflow chains were found;
   - whether credential rotation or incident review is required.
8. If the upgrade cannot deploy immediately, add temporary containment where
   this repository controls it:
   - restrict workflow creation and editing to trusted administrators;
   - disable or quarantine XML webhook workflows that process untrusted input;
   - reduce network/file-system privileges for n8n workers;
   - document residual risk because containment does not fully remediate.
9. Run available validation: package-manager install check, lockfile integrity,
   unit tests, workflow import/export tests, lint/typecheck, image build, deploy
   rendering, and dependency/security scans.
10. Use PR title:
    `fix(sec): remediate CVE-2026-42231 in n8n`.

## Stop conditions

- The repository does not deploy or package n8n.
- The n8n runtime is owned by another team or vendor and cannot be patched here.
- A fixed version cannot be consumed without a larger n8n migration.
- Validating the exploit path would require running live RCE-like payloads,
  SSH operations, or production webhook probes.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Verification - what the reviewer looks for

  • No deployable n8n runtime remains below 1.123.32, in 2.17.0 through 2.17.3, or on 2.18.0.
  • Lockfiles, image tags/digests, SBOMs, and rendered deployment manifests all resolve to the patched release line.
  • The PR states whether XML webhook workflows and risky Git/SSH/host-interacting chains exist.
  • Temporary workflow-author restrictions are documented if rollout is not yet complete.
  • Tests, build, deployment rendering, and dependency scans pass or unrelated failures are documented.

Watch for

  • Updating package manifests while leaving Docker tags, Helm values, or lockfiles on vulnerable versions.
  • Treating workflow author restrictions as a permanent fix.
  • Assuming internal-only n8n instances are safe when self-service workflow editing is enabled for semi-trusted users.
  • Workflow exports or fixtures that reintroduce XML webhook paths after runtime patching.
