CVE Catalog

CVE-2026-44790

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation, allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise.

Risk Assessment

This vulnerability could lead to serious security breaches, allowing attackers access to sensitive data on the n8n server. If exploited, the organization may lose control over its data and systems.

Recommendation

It is recommended to upgrade to versions 1.123.43, 2.22.1, or 2.20.7 to mitigate this vulnerability. Additionally, conducting a user permissions audit is advisable to minimize the risk of future attacks.

Original NVD description (English source)

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS