CVE-2026-42232 - n8n XML node prototype pollution RCE

n8n’s XML node can allow global JavaScript prototype pollution when an authenticated workflow author supplies crafted XML. The polluted prototype can then be chained with other nodes that act on polluted properties, producing remote code execution in vulnerable n8n hosts.

The highest-risk deployments let semi-trusted users create or edit workflows and run XML-processing workflows in the same environment as host-interacting nodes such as Git, SSH, command, file-system, code, or credentialed integration nodes.

Affected versions

  • Vulnerable: n8n <1.123.32
  • Vulnerable: n8n >=2.17.0, <2.17.4
  • Vulnerable: n8n >=2.18.0, <2.18.1
  • Fixed: n8n 1.123.32, 2.17.4, 2.18.1, or later on the selected release line

Indicators of exposure

  • The repository builds, deploys, or pins the n8n server/runtime.
  • The resolved runtime is in one of the affected version ranges through npm, container images, Helm charts, compose files, IaC, or release manifests.
  • Authenticated users outside the core admin/operator group can create or modify workflows.
  • XML node usage is enabled, or NODES_EXCLUDE does not exclude n8n-nodes-base.xml.
  • Workflows can combine XML processing with nodes that access host resources, credentials, source control, SSH, shell execution, or external systems.

Quick checks:

rg -n "n8n|N8N_VERSION|n8nio/n8n|NODES_EXCLUDE|n8n-nodes-base.xml|XML|xml" .
npm ls n8n
pnpm why n8n
yarn why n8n
docker image ls | rg 'n8n|n8nio'
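The lines the quick checks above print still have to be judged against the version ranges listed on this page, and repositories often pin n8n in several styles at once (image tags, package.json, chart values). The script below is an added example, not part of this advisory or of n8n's own code: it extracts the version from each pin style, classifies it against the stated ranges with an inline semver comparison (no npm packages needed), and treats pre-releases as below their final version so `2.17.4-rc.1` is still reported as vulnerable. The sample lines are constructed, and anything the advisory names on neither side (for example a 2.x build below 2.17.0) is reported as `outside-listed-ranges` rather than as patched.

```javascript
// Added example, not part of the advisory or of n8n: classify version strings
// surfaced by the quick checks against the CVE-2026-42232 ranges on this page.
// VULNERABLE_RANGES and FIRST_FIXED mirror the advisory text; update them if the
// advisory you follow changes.

// Vulnerable ranges as stated: min inclusive (null = no lower bound), max exclusive.
const VULNERABLE_RANGES = [
  { min: null,     max: "1.123.32" },
  { min: "2.17.0", max: "2.17.4" },
  { min: "2.18.0", max: "2.18.1" },
];
// First patched release on each major line ("or later on the selected release line").
const FIRST_FIXED = { 1: "1.123.32", 2: "2.17.4" };

// "1.123.5", "v1.123.5" or "2.17.4-rc.1" -> [major, minor, patch, release].
// A pre-release sorts below its final version (release = 0), so "2.17.4-rc.1"
// still falls inside the vulnerable range. Non-concrete input ("latest", "^1.0.0") -> null.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(text).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3]), m[4] ? 0 : 1];
}

function compareVersions(a, b) {
  for (let i = 0; i < 4; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns "vulnerable" | "patched" | "outside-listed-ranges" | "unknown".
// "outside-listed-ranges" means the advisory names the version on neither side;
// do not treat it as patched without checking the vendor advisory.
function classifyN8nVersion(text) {
  const v = parseVersion(text);
  if (!v) return "unknown";
  for (const r of VULNERABLE_RANGES) {
    const aboveMin = r.min === null || compareVersions(v, parseVersion(r.min)) >= 0;
    const belowMax = compareVersions(v, parseVersion(r.max)) < 0;
    if (aboveMin && belowMax) return "vulnerable";
  }
  const fixed = FIRST_FIXED[v[0]];
  if (fixed && compareVersions(v, parseVersion(fixed)) >= 0) return "patched";
  return "outside-listed-ranges";
}

// Pull the version out of the pin styles the checks surface: an image reference,
// a package.json dependency line, or a chart "tag:" value. Returns null when no
// concrete version is present (a digest-only pin has to be resolved at the registry).
function extractVersionRef(line) {
  const image = /n8nio\/n8n:([^@\s"']+)/.exec(line);
  if (image) return image[1];
  const dep = /"n8n"\s*:\s*"([^"]+)"/.exec(line);
  if (dep) return dep[1];
  const tag = /^\s*tag:\s*["']?([^"'\s]+)/.exec(line);
  if (tag) return tag[1];
  return null;
}

function scanLines(lines) {
  return lines.map((line) => {
    const ref = extractVersionRef(line);
    return { line, ref, status: ref === null ? "unknown" : classifyN8nVersion(ref) };
  });
}

// Constructed sample lines of the kind `rg` would print; not real repository content.
const SAMPLE_LINES = [
  "    image: n8nio/n8n:1.123.31",
  "    image: docker.n8n.io/n8nio/n8n:2.17.4",
  '    "n8n": "2.18.0",',
  "  tag: latest",
  "    image: n8nio/n8n@sha256:<digest-placeholder>",
];

for (const finding of scanLines(SAMPLE_LINES)) {
  console.log(`${finding.status.padEnd(22)} ${finding.ref || "-"}  <- ${finding.line.trim()}`);
}
```

Feed it the actual `rg` output (one finding per line) and treat every `unknown` as work left to do: a `latest` tag or a bare digest has to be resolved to a concrete version before the deployment can be called patched.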

Remediation strategy

  • Upgrade all controlled n8n runtimes to 1.123.32+, 2.17.4+, or 2.18.1+.
  • Pin explicit patched image tags or digests instead of floating vulnerable tags.
  • If upgrade is delayed, temporarily restrict workflow creation and editing to fully trusted users and disable the XML node by adding n8n-nodes-base.xml to NODES_EXCLUDE.
  • Review workflow exports and production workflows for XML node chains that feed host-interacting nodes.
  • Rotate credentials available to vulnerable workflows if suspicious workflow edits, XML payloads, or execution traces are found.
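Two of the remediation items above are mechanical enough to script: reviewing workflow exports for XML node chains that feed host-interacting nodes, and confirming that an emergency `NODES_EXCLUDE` setting actually lists the XML node. The code below is an added example, not part of this advisory or of n8n's own code. It walks the `nodes` and `connections` structure of an n8n workflow export (only `main` connections are followed) and reports every downstream path from an `n8n-nodes-base.xml` node to a node type that touches the host or credentials. `n8n-nodes-base.xml` is the identifier named on this page; the host-interacting type list is an assumption drawn from n8n's built-in node names and should be extended to whatever your instance has installed. The `NODES_EXCLUDE` check follows n8n's documentation, which specifies the variable as a JSON array string, so a bare unquoted node name is flagged rather than accepted. The sample workflow is constructed.

```javascript
// Added example, not part of the advisory or of n8n: scan an exported workflow
// for XML -> host-interacting node chains and validate a NODES_EXCLUDE value.

const XML_NODE_TYPE = "n8n-nodes-base.xml"; // named by the advisory
// Assumption: built-in node types that reach the host, shell, source control or
// files. Extend this to match the nodes installed on your instance.
const HOST_INTERACTING_TYPES = new Set([
  "n8n-nodes-base.executeCommand",
  "n8n-nodes-base.ssh",
  "n8n-nodes-base.git",
  "n8n-nodes-base.code",
  "n8n-nodes-base.readWriteFile",
]);

// name -> [downstream names], from connections[source].main = [[{node, type, index}], ...].
// Only "main" outputs are followed; other connection kinds are ignored here.
function buildAdjacency(workflow) {
  const adj = new Map(workflow.nodes.map((n) => [n.name, []]));
  for (const [source, outputs] of Object.entries(workflow.connections || {})) {
    if (!adj.has(source)) continue;
    for (const branch of outputs.main || []) {
      for (const edge of branch || []) adj.get(source).push(edge.node);
    }
  }
  return adj;
}

// Every path [xmlNode, ..., hostNode] reachable downstream of an XML node.
// A visited set per path keeps looping workflows from recursing forever.
function findXmlToHostPaths(workflow) {
  const typeOf = new Map(workflow.nodes.map((n) => [n.name, n.type]));
  const adj = buildAdjacency(workflow);
  const paths = [];
  const walk = (name, path, seen) => {
    if (seen.has(name)) return;
    const here = [...path, name];
    if (HOST_INTERACTING_TYPES.has(typeOf.get(name))) paths.push(here);
    const next = new Set(seen);
    next.add(name);
    for (const child of adj.get(name) || []) walk(child, here, next);
  };
  for (const n of workflow.nodes) {
    if (n.type === XML_NODE_TYPE) walk(n.name, [], new Set());
  }
  return paths;
}

// n8n documents NODES_EXCLUDE as a JSON array string, e.g. '["n8n-nodes-base.xml"]'.
// Returns { excluded, reason }; a bare node name is reported as misconfigured.
function xmlNodeExcluded(nodesExcludeValue) {
  if (nodesExcludeValue === undefined || nodesExcludeValue === "") {
    return { excluded: false, reason: "NODES_EXCLUDE is unset" };
  }
  let list;
  try {
    list = JSON.parse(nodesExcludeValue);
  } catch (e) {
    return { excluded: false, reason: 'not a JSON array; expected e.g. ["n8n-nodes-base.xml"]' };
  }
  if (!Array.isArray(list)) return { excluded: false, reason: "JSON value is not an array" };
  const excluded = list.includes(XML_NODE_TYPE);
  return { excluded, reason: excluded ? "XML node is listed" : "XML node is not listed" };
}

// Constructed sample export (only the name/type/connection fields this scan reads).
const SAMPLE_WORKFLOW = {
  name: "constructed sample, not a real workflow",
  nodes: [
    { name: "Webhook",    type: "n8n-nodes-base.webhook" },
    { name: "Parse XML",  type: XML_NODE_TYPE },
    { name: "Set",        type: "n8n-nodes-base.set" },
    { name: "Run script", type: "n8n-nodes-base.executeCommand" },
    { name: "Notify",     type: "n8n-nodes-base.slack" },
  ],
  connections: {
    "Webhook":   { main: [[{ node: "Parse XML", type: "main", index: 0 }]] },
    "Parse XML": { main: [[{ node: "Set", type: "main", index: 0 }]] },
    "Set":       { main: [[{ node: "Run script", type: "main", index: 0 },
                           { node: "Notify", type: "main", index: 0 }]] },
  },
};

for (const p of findXmlToHostPaths(SAMPLE_WORKFLOW)) console.log("XML -> host chain:", p.join(" -> "));
console.log("NODES_EXCLUDE check:", xmlNodeExcluded('["n8n-nodes-base.xml"]'));
console.log("NODES_EXCLUDE check:", xmlNodeExcluded("n8n-nodes-base.xml"));
```

Run it over every exported workflow JSON in the repository and over the rendered environment of each deployment. A reported chain is a workflow to review and, if the instance is unpatched, a candidate for the credential rotation described above; an `excluded: false` result for a deployment that claims `NODES_EXCLUDE` containment means the control is not in effect.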

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-42232 (n8n XML node prototype pollution leading to
RCE). Produce exactly one output:

- A reviewer-ready PR/change request that upgrades n8n, preserves the intended
  release line, adds regression/deployment checks, and documents operator
  containment, or
- TRIAGE.md if this repository does not own an affected n8n runtime or safe
  patch path.

## Rules

- Scope only CVE-2026-42232.
- Distinguish n8n server/runtime deployments from n8n API clients, workflow
  exports, SDK wrappers, or documentation.
- Do not execute exploit payloads or live workflow chains to prove RCE.
- Do not print, snapshot, or commit n8n credentials, webhook tokens, SSH keys,
  Git credentials, workflow secrets, cookies, execution data, or environment
  secrets.
- Do not auto-merge.

## Steps

1. Inventory every n8n runtime reference controlled by the repository:
   package manifests, lockfiles, Dockerfiles, compose files, Helm values,
   Kubernetes manifests, Terraform, Ansible, release scripts, SBOMs, generated
   dependency manifests, workflow bundles, and runbooks.
2. Determine whether any deployable n8n runtime resolves to:
   - `n8n <1.123.32`;
   - `n8n >=2.17.0, <2.17.4`;
   - `n8n >=2.18.0, <2.18.1`.
3. If the repository only stores workflow exports or talks to an externally
   owned n8n instance, stop with `TRIAGE.md` naming the owner, evidence, and
   required patched versions.
4. Upgrade vulnerable runtimes on their existing release line:
   - `1.x` to `1.123.32+`;
   - `2.17.x` to `2.17.4+`;
   - `2.18.x` to `2.18.1+`;
   - floating image tags to explicit patched tags or digests.
5. Regenerate lockfiles, rendered deploy manifests, container metadata, SBOMs,
   generated dependency reports, and image digests as appropriate for this repo.
6. Search configuration and workflow assets for XML node exposure:
   - `n8n-nodes-base.xml`;
   - XML nodes or XML parsing;
   - `NODES_EXCLUDE`;
   - workflow author/editor roles;
   - Git, SSH, command, code, file-system, or other host-interacting nodes near
     XML-processing paths.
7. Add or update a test, policy check, or deployment-render assertion that proves
   the resolved n8n version is patched. If this repo manages node exclusions,
   also test that emergency `NODES_EXCLUDE` configuration renders correctly when
   enabled.
8. Add a PR body section named `CVE-2026-42232 operator actions` that states:
   - which n8n release line was upgraded;
   - whether XML node usage exists;
   - whether workflow authoring is limited to trusted users during rollout;
   - whether `NODES_EXCLUDE=n8n-nodes-base.xml` is needed as temporary
     containment;
   - whether credential rotation or incident review is required.
9. If immediate upgrade is blocked, add temporary containment where this repo
   controls it:
   - restrict workflow creation and editing to trusted administrators;
   - disable the XML node with `NODES_EXCLUDE`;
   - reduce n8n worker privileges and network/file-system reach;
   - document residual risk because containment does not fully remediate.
10. Run available validation: package-manager install check, lockfile integrity,
    unit tests, workflow import/export checks, lint/typecheck, image build,
    deploy rendering, and dependency/security scans.
11. Use PR title:
    `fix(sec): remediate CVE-2026-42232 in n8n`.

## Stop conditions

- The repository does not deploy or package n8n.
- The n8n runtime is owned by another team or vendor and cannot be patched here.
- A fixed version cannot be consumed without a larger n8n migration.
- Verifying exposure would require running exploit-like XML payloads or
  host-command workflow chains.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Verification - what the reviewer looks for

  • No deployable n8n runtime remains below 1.123.32, in 2.17.0 through 2.17.3, or on 2.18.0.
  • Lockfiles, image tags/digests, SBOMs, and rendered deployment manifests all resolve to a patched release.
  • XML node exposure, workflow authoring permissions, and temporary NODES_EXCLUDE containment are explicitly addressed.
  • The change avoids exploit execution and does not expose workflow secrets or credentials in logs.
  • Tests, builds, deployment rendering, and dependency scans pass or unrelated failures are documented.

Watch for

  • Repositories that pin n8n in multiple places, especially chart values plus Docker images plus lockfiles.
  • Treating NODES_EXCLUDE as sufficient remediation instead of a short-term control.
  • Workflow authors with broad edit rights in otherwise “internal” instances.
  • Workflow fixtures or exports that keep XML node chains hidden outside normal dependency scanning.