CVE-2026-44789
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node.
Risk Assessment
Combined with other techniques, this vulnerability could lead to remote code execution (RCE) on the instance, posing a serious security threat to the organization.
Recommendation
It is recommended to upgrade to versions 1.123.43, 2.22.1, or 2.20.7 to mitigate this vulnerability.
Original NVD description (English source)
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

