<![CDATA[critical security patch 2.17.5]]>

<![CDATA[critical security patch 2.17.5]]>Hello,
I just got this notification from the N8N security team regarding several issues, one of them beeing a 10/10 CVE that the current Cloudron package is vulnerable to:

critical |** XML Node Prototype Pollution to RCE** ( GHSA-hqr4-h3xv-9m3r )
critical |** Prototype Pollution in XML Webhook Body Parser Leads to RCE** ( GHSA-q5f4-99jv-pgg5 )
high |** Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay** ( GHSA-r4v6-9fqc-w5jr )
high |** Python Task Runner Sandbox Escape** ( GHSA-44v6-jhgm-p3m4 )
high |** XSS via MCP OAuth client** ( GHSA-537j-gqpc-p7fq )
high |** Unauthenticated Denial of Service via MCP Client Registration** ( GHSA-49m9-pgww-9vq6 )

Please update the package to 2.17.5 as soon as possible.

Best,
Dominik

]]>https://forum.cloudron.io/topic/15430/critical-security-patch-2.17.5RSS for NodeWed, 22 Apr 2026 22:52:01 GMTWed, 22 Apr 2026 15:12:05 GMT60<![CDATA[Reply to critical security patch 2.17.5 on Wed, 22 Apr 2026 16:20:28 GMT]]>the update is live, thanks!

]]>https://forum.cloudron.io/post/123864https://forum.cloudron.io/post/123864Wed, 22 Apr 2026 16:20:28 GMT