Published five days ago by maintainer Jubke across three separate GitHub Security Advisories, the flaws affect n8n versions below 1.123.43, 2.20.7, and 2.22.1 and carry the maximum possible impact ratings under both the CVSS 3.1 and CVSS 4.0 scoring systems.
Organizations running self-hosted n8n instances should treat this as an urgent patch priority. With n8n widely deployed in enterprise automation pipelines, it often has access to sensitive APIs, databases, and internal systems.
Earlier in 2026, n8n was hit by separate critical RCE chains via expression sandbox escapes (CVE-2026-27577, CVSS 9.4) and unauthenticated form evaluation (CVE-2026-27493, CVSS 9.5), with security firm Pillar Security warning that exploitation could expose every credential stored in n8n’s encrypted database.
Three Critical n8n Vulnerabilities
The first vulnerability, CVE-2026-44789 (GHSA-c8xv-5998-g76h), resides in n8n’s HTTP Request node. An authenticated user with workflow creation or editing permissions can trigger global prototype pollution by supplying an unvalidated pagination parameter.
Under CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes), this pollution can be chained with other techniques to achieve full RCE on the n8n instance. Researcher sm1ee is credited with the discovery.
The second flaw, CVE-2026-44790 (GHSA-57g9-58c2-xjg3), targets the Git node’s Push operation.
By injecting arbitrary CLI flags into the node’s command string, an attacker can read any file accessible to the n8n server process, a classic argument injection bug classified under CWE-88.
In practice, this means credentials, environment variables, private keys, and configuration files are all fair game, potentially leading to full server compromise. Researcher simonkoeck reported this issue.
The third vulnerability, CVE-2026-44791 (GHSA-wrwr-h859-xh2r), is particularly alarming because it represents a patch bypass.
It circumvents the previously issued fix for GHSA-hqr4-h3xv-9m3r in the XML node, reintroducing prototype pollution through a different code path. When chained with additional nodes, this too can escalate to RCE on the host. Simonkoeck also reported this bypass.
All three vulnerabilities share the same CVSS 4.0 vector, CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H, which reflects a network-exploitable, low-complexity attack that requires only low privileges and no user interaction.
The same advisory batch disclosed two additional flaws affecting the same patched versions:
- CVE-2026-44792 — SQL injection in the Source Control Pull import of Data Table JSON files, targeting instances using PostgreSQL as the backend
- CVE-2026-45732 — OAuth token overwrite via improperly controlled credential reconnect endpoints, affecting all instances with shared credentials
Patched Versions and Mitigations
n8n has released fixes across three version branches. Users should upgrade to one of the following immediately:
- 1.123.43 or later
- 2.20.7 or later
- 2.22.1 or later
For environments where immediate upgrades are not feasible, n8n recommends two interim mitigations, though neither fully eliminates risk:
- Restrict workflow creation and editing permissions to fully trusted users only
- Turn off the affected nodes via the NODES_EXCLUDE environment variable by adding n8n-nodes-base.httpRequest, n8n-nodes-base.git, and n8n-nodes-base.xml (the HTTP Request, Git, and XML nodes respectively)
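As an added illustration (not code from the advisory or from the n8n project), the script below checks a deployed n8n version against the three fixed releases and, for an unpatched instance, builds the NODES_EXCLUDE value that disables the three affected nodes. It assumes NODES_EXCLUDE takes a JSON array string (as n8n's documentation describes) and treats 2.21.x builds, for which no fix was listed, as unpatched.

```python
"""Added example: version check plus NODES_EXCLUDE mitigation for the n8n advisories."""
import json

# Node type names from the advisory, one per flaw.
AFFECTED_NODES = [
    "n8n-nodes-base.httpRequest",  # CVE-2026-44789, HTTP Request node
    "n8n-nodes-base.git",          # CVE-2026-44790, Git node
    "n8n-nodes-base.xml",          # CVE-2026-44791, XML node
]


def parse_version(version):
    """Turn 'MAJOR.MINOR.PATCH' (optionally with a -suffix) into a comparable tuple."""
    core = version.split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected n8n version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(version):
    """True if the version is at or above the fix for its release line.

    Fixed releases per the advisory: 1.123.43, 2.20.7, 2.22.1.
    Assumption: 2.21.x has no listed fix and is treated as unpatched.
    """
    v = parse_version(version)
    if v[0] <= 1:
        return v >= parse_version("1.123.43")
    if v[0] == 2 and v[1] == 20:
        return v >= parse_version("2.20.7")
    return v >= parse_version("2.22.1")


def nodes_exclude_value(existing=None):
    """Build the NODES_EXCLUDE JSON array, merging with an existing value if given."""
    current = json.loads(existing) if existing else []
    merged = list(dict.fromkeys(list(current) + AFFECTED_NODES))  # dedupe, keep order
    return json.dumps(merged)


def mitigation_for(version, existing_exclude=None):
    """Return ('patched', None) or ('unpatched', <NODES_EXCLUDE value to set>)."""
    if is_patched(version):
        return ("patched", None)
    return ("unpatched", nodes_exclude_value(existing_exclude))


if __name__ == "__main__":
    for ver in ["1.123.42", "2.20.7", "2.21.3", "2.22.1"]:  # constructed sample versions
        print(ver, mitigation_for(ver, '["n8n-nodes-base.executeCommand"]'))
```

Setting the returned value is only an interim step; it removes the three node types from the instance until the upgrade to a fixed release is done.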
The recurrence of prototype pollution in n8n, including a patch bypass, signals a deeper need for systematic input validation across all nodes that accept user-controlled data.
Given that n8n instances often sit at the heart of business-critical automation workflows and have privileged access to internal services, defenders should aggressively audit workflow permissions and monitor for anomalous node usage patterns even after patching.
The post Critical n8n Flaws Expose Automation Nodes to Full RCE appeared first on Cyber Security News.