CVE-2026-44790
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation, allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise.
Risk Assessment
This vulnerability could lead to serious security breaches, allowing attackers access to sensitive data on the n8n server. If exploited, the organization may lose control over its data and systems.
Recommendation
It is recommended to upgrade to versions 1.123.43, 2.22.1, or 2.20.7 to mitigate this vulnerability. Additionally, conducting a user permissions audit is advisable to minimize the risk of future attacks.
Original NVD description (English source)
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

