Critical n8n Flaws Allow RCE via Chained Exploits
Three critical vulnerabilities in the widely-used workflow automation platform n8n have been publicly disclosed, and security researchers are warning that attackers can chain these flaws to achieve full remote code execution (RCE) on vulnerable systems with nothing more than a low-privileged account.
The vulnerabilities, detailed across multiple GitHub Security Advisories, affect n8n versions prior to 1.123.43, 2.20.7, and 2.22.1.
While authenticated access is required to exploit them, the low privilege threshold makes these flaws especially alarming in multi-user environments where numerous individuals can create or edit automation workflows.
Critical n8n Flaws
The most severe of the three flaws, tracked as CVE-2026-44789 (GHSA-c8xv-5998-g76h), resides in n8n’s HTTP Request node.
Disclosed by researcher Jubke, the vulnerability stems from improper validation of a pagination parameter, which opens the door to prototype pollution, a JavaScript attack technique that corrupts the shared global object prototype, allowing attackers to manipulate application logic across all running workflows.
When chained with secondary techniques, this flaw escalates to full arbitrary code execution on the host system.
Security experts note that automation platforms are particularly susceptible to prototype pollution because workflows routinely process dynamic, user-supplied data from multiple external sources, expanding the attack surface considerably.
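To make the mechanism concrete, here is an added example (not n8n's code and unrelated to the specific HTTP Request node fix): a recursive merge of the kind many JavaScript libraries use, fed a constructed JSON input that pollutes Object.prototype, beside a hardened merge that refuses the keys through which a prototype can be reached.

```javascript
// Added example (not n8n's code): why a recursive merge over untrusted JSON
// can pollute Object.prototype, and what the hardened version looks like.

// Constructed sample input, in the shape of a JSON body a workflow node
// might receive from an external service.
const UNTRUSTED_JSON = '{"page": 2, "__proto__": {"polluted": true}}';

// Vulnerable: copies every own key, including "__proto__", which JSON.parse
// creates as an ordinary own property. Reading target["__proto__"] yields
// Object.prototype, so the recursion writes into the shared prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object') {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the three keys that reach a prototype, only recurse into
// plain objects, and build nested containers without a prototype at all.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop silently, or throw and reject the input
    const value = source[key];
    if (isPlainObject(value)) {
      if (!hasOwn(target, key) || !isPlainObject(target[key])) {
        target[key] = Object.create(null); // no prototype to climb into
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs one merge against a fresh object and reports whether an unrelated,
// freshly created object ended up with the injected property. Cleans up
// afterwards so the global state does not leak into later code.
function pollutes(mergeFn) {
  mergeFn({}, JSON.parse(UNTRUSTED_JSON));
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // undo the damage for the next check
  return leaked;
}

console.log('unsafeMerge pollutes Object.prototype:', pollutes(unsafeMerge)); // true
console.log('safeMerge pollutes Object.prototype:', pollutes(safeMerge));     // false
```

The key-level filter is the fix that matters; as defence in depth, a service can also call Object.freeze(Object.prototype) at startup or run Node with --disable-proto=delete, either of which turns the write above into a no-op or an error rather than a silent global change.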
The second critical issue, CVE-2026-44790 (GHSA-57g9-58c2-xjg3), targets the Git node and is classified as CWE-88 (argument injection). Attackers can inject malicious command-line arguments during Git push operations, manipulating how system-level commands are executed.
By abusing this behavior, an adversary can read arbitrary files from the underlying server. This includes highly sensitive data such as configuration files, API keys, and stored credentials, any of which could serve as a launchpad for deeper system compromise or lateral movement across connected infrastructure.
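The general defence against CWE-88 in a Git wrapper is to keep user-supplied values out of git's option parser. As an added example (not n8n's Git node and not its fix), here is a small wrapper that validates a remote name and branch name supplied by a workflow author, refuses anything that could be read as an option, and builds an argv array for execFile so no shell is involved; the use of `--end-of-options` assumes git 2.24 or later.

```javascript
// Added example (not n8n's code): hardening a Git wrapper against
// CWE-88 argument injection. Assumes the wrapper receives a remote name and
// a branch name from a workflow author and runs `git push` with them.

// Conservative subset of git's refname rules: must start with an
// alphanumeric character, so a leading "-" (the argument-injection vector,
// which git would parse as an option rather than a name) is rejected.
const REFNAME_RE = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

function assertSafeRefComponent(value, what) {
  if (typeof value !== 'string' || !REFNAME_RE.test(value)) {
    throw new Error(`${what} rejected: must be a plain ref name, got ${JSON.stringify(value)}`);
  }
  if (value.includes('..') || value.endsWith('.lock') || value.endsWith('/')) {
    throw new Error(`${what} rejected: invalid ref syntax`);
  }
  return value;
}

// Builds an argv array for execFile (no shell, so no quoting to get wrong).
// "--end-of-options" tells git that everything after it is positional even
// if it starts with "-" (assumption: git >= 2.24). Validation runs first, so
// the option terminator is a second layer, not the only one.
function buildGitPushArgs(remote, branch) {
  const r = assertSafeRefComponent(remote, 'remote');
  const b = assertSafeRefComponent(branch, 'branch');
  return ['push', '--end-of-options', r, b];
}

// Runs the push without a shell. Defined but not invoked here; the workflow
// runner would call it once the arguments have passed validation.
function pushWithGuard(remote, branch, cwd) {
  const { execFile } = require('node:child_process');
  return new Promise((resolve, reject) => {
    execFile('git', buildGitPushArgs(remote, branch), { cwd }, (err, stdout, stderr) =>
      err ? reject(err) : resolve({ stdout, stderr }));
  });
}

// Wraps the builder so callers (and the demo below) get a result object
// instead of an exception.
function tryBuild(remote, branch) {
  try {
    return { ok: true, argv: buildGitPushArgs(remote, branch) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed inputs: a legitimate pair, and a dash-prefixed value of the
// kind an argument-injection attempt would supply in place of a name.
console.log(tryBuild('origin', 'main'));
console.log(tryBuild('--some-option=value', 'main'));
```

If the wrapper must accept remote URLs rather than only configured remote names, parse them with the URL class and allow only the schemes you expect before passing them through; the leading-dash rule still applies because a URL never begins with one.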
Rounding out the trio is CVE-2026-44791 (GHSA-wrwr-h859-xh2r), a patch bypass in n8n’s XML node. Prior fixes intended to remediate a known prototype pollution vulnerability in XML processing were found to be insufficient, allowing attackers to circumvent the patch entirely and still manipulate object prototypes.
Independently, each of these vulnerabilities presents a serious risk. Together, they form a viable attack chain.
A threat actor with basic workflow access could exploit prototype pollution to corrupt application logic, extract secrets through the Git node flaw, and use the XML bypass to reinforce their foothold, all without triggering obvious security alerts.
All three CVEs carry critical CVSS severity ratings, with network-based attack vectors, low privilege requirements, and no user interaction needed. Confidentiality, integrity, and availability are all rated as high impact.
Patches and Mitigations
n8n has released fixes for all three vulnerabilities. Users should upgrade immediately to one of the following patched versions:
- 1.123.43 or later
- 2.20.7 or later
- 2.22.1 or later
For organizations unable to patch immediately, n8n recommends restricting workflow creation permissions to trusted users only and disabling the vulnerable HTTP Request, Git, and XML nodes using the NODES_EXCLUDE environment variable. These workarounds reduce exposure but do not fully eliminate risk.
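As an added example (not an n8n tool), the following script turns the fixed-version list and the NODES_EXCLUDE workaround into a triage check an operator can run against an instance's reported version and environment. It assumes NODES_EXCLUDE takes a JSON array of node-type identifiers, that the strings used for the HTTP Request, Git and XML nodes are the ones shown (verify them against your installed version), and that a release line without a listed fix (for example 2.21.x) should be treated as unpatched, since the advisory as reported here lists only the three versions above.

```javascript
// Added example (not n8n's code): triage check for the three advisories.
// Assumptions: the fixed versions are exactly those reported above; the
// node-type identifiers below are assumed and should be verified locally;
// a version on a line with no listed fix is reported as unpatched.

const FIXED_VERSIONS = ['1.123.43', '2.20.7', '2.22.1'];
const VULNERABLE_NODE_TYPES = [
  'n8n-nodes-base.httpRequest', // HTTP Request node (assumed identifier)
  'n8n-nodes-base.git',         // Git node (assumed identifier)
  'n8n-nodes-base.xml',         // XML node (assumed identifier)
];

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Patched only if at or above the fix on the version's own release line.
// Anything not on a line with a listed fix falls through to "unpatched" so
// that it gets a human look rather than a false all-clear.
function isPatched(version) {
  const v = parseVersion(version);
  const [major, minor] = v;
  const atLeast = (fix) => compareVersions(v, parseVersion(fix)) >= 0;
  if (major === 1) return atLeast(FIXED_VERSIONS[0]);
  if (major === 2 && minor === 20) return atLeast(FIXED_VERSIONS[1]);
  if (major === 2 && minor >= 22) return atLeast(FIXED_VERSIONS[2]);
  return false;
}

// Returns the vulnerable node types that are NOT excluded. An unset,
// malformed or non-array NODES_EXCLUDE means the workaround is not in
// effect at all, so every type is reported as missing.
function missingExclusions(nodesExcludeEnv) {
  let excluded;
  try {
    const parsed = JSON.parse(nodesExcludeEnv ?? '[]');
    if (!Array.isArray(parsed)) return [...VULNERABLE_NODE_TYPES];
    excluded = parsed.map(String);
  } catch {
    return [...VULNERABLE_NODE_TYPES];
  }
  return VULNERABLE_NODE_TYPES.filter((t) => !excluded.includes(t));
}

function triage(version, nodesExcludeEnv) {
  const patched = isPatched(version);
  const missing = missingExclusions(nodesExcludeEnv);
  let action;
  if (patched) action = 'none';
  else if (missing.length) action = `upgrade; meanwhile exclude: ${missing.join(', ')}`;
  else action = 'upgrade (workaround applied, residual risk remains)';
  return { version, patched, missing, action };
}

// Constructed sample: a 2.20.x instance that has excluded only the Git node.
console.log(triage('2.20.5', '["n8n-nodes-base.git"]'));
```

To check a live instance, pass the version string reported in the n8n UI or by the image tag and the exact value of NODES_EXCLUDE from the container's environment; the exclusion list is only a stopgap, so the action field always says to upgrade when the version is unpatched.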
As workflow automation platforms become embedded in DevOps and enterprise pipelines, these findings serve as a sharp reminder that automation tools with broad system access are high-value targets and must be patched and access-controlled with the same urgency as core infrastructure.