CVE Catalog

CVE-2026-54313

HighCVSS 7.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

n8n is an open source workflow automation platform. Prior to version 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation, leading to unintended documents being matched and overwritten with attacker-controlled content.

Risk Assessment

This vulnerability may lead to unauthorized access and modification of data, posing a serious threat to data integrity within the organization.

Recommendation

It is recommended to upgrade to version 2.24.0 or later to mitigate this vulnerability and to conduct an audit of workflow access.

Original NVD description (English source)

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with attacker-controlled content. This vulnerability is fixed in 2.24.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS