A vulnerability classified as critical was found in n8n-io n8n up to 2.25.6/2.26.1 . Affected is an unknown function of the component Public Handler . The manipulation results in improperly controlled modification of object prototype attributes. This vulnerability is identified as CVE-2026-54306 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.