CVE-2026-44789
Awaiting Analysis - Queue
Prototype Pollution in n8n Workflow Automation

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-23
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
n8n n8n to 1.123.43 (exc)
n8n n8n to 2.20.7 (exc)
n8n n8n to 2.22.1 (exc)
CWE ID Description
CWE-1321 The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Compliance Impact

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the vulnerability in n8n prior to versions 1.123.43, 2.20.7, and 2.22.1, you should upgrade to one of these patched versions or later.

As temporary mitigations, you can restrict workflow creation permissions to trusted users only or disable the HTTP Request node by using the NODES_EXCLUDE environment variable.

Executive Summary

CVE-2026-44789 is a critical vulnerability in n8n, an open-source workflow automation platform. It affects versions prior to 1.123.43, 2.20.7, and 2.22.1. The vulnerability arises from an unvalidated pagination parameter in the HTTP Request node, which allows an authenticated user with permission to create or modify workflows to perform global prototype pollution.

Prototype pollution is a type of security flaw where an attacker can modify the prototype of a base object, potentially altering the behavior of the application globally.

When combined with other techniques, this vulnerability can lead to remote code execution (RCE) on the affected n8n instance, allowing an attacker to execute arbitrary code.

The issue is classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes).

Impact Analysis

This vulnerability can have severe impacts if exploited. An attacker who is authenticated and has permission to create or modify workflows can exploit the prototype pollution flaw to achieve remote code execution (RCE) on the n8n instance.

Remote code execution allows the attacker to run arbitrary code on the server hosting n8n, potentially leading to full system compromise, data theft, data manipulation, or disruption of services.

Because the vulnerability requires workflow modification permissions, the risk can be mitigated by restricting these permissions to trusted users only.

Detection Guidance

This vulnerability affects n8n versions prior to 1.123.43, 2.20.7, and 2.22.1 and involves prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Detection involves verifying the version of n8n running on your system and checking if the HTTP Request node is used with pagination parameters by authenticated users with workflow modification permissions.

To determine whether your system is vulnerable, identify the n8n version on the server hosting n8n and review how the HTTP Request node is used:

  • Check the n8n version via CLI or Docker: `n8n --version` or `docker exec <container_name> n8n --version`
  • Review workflow configurations for usage of the HTTP Request node with pagination parameters, which may require inspecting workflow JSON files or using the n8n API.

Since the vulnerability requires authenticated users with workflow modification permissions, auditing user permissions and workflow creation/modification logs can help detect potential exploitation attempts.

No specific network commands or signatures are provided in the available resources to detect exploitation attempts directly on the network.
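The checks above, together with the NODES_EXCLUDE mitigation, can be combined into one triage script. This is an added example, not n8n project code. It assumes the exported workflow layout, the node type name `n8n-nodes-base.httpRequest`, and the JSON-array format of NODES_EXCLUDE noted in its comments; the helper names and sample workflow are constructed.

```javascript
// Added example for CVE-2026-44789 triage; not n8n project code.
const HTTP_NODE = 'n8n-nodes-base.httpRequest';
const FIXED = ['1.123.43', '2.20.7', '2.22.1'].map(parse); // from the advisory

function parse(v) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return m.slice(1).map(Number);
}
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}
// Assumption: a fixed release covers later patches on its own major.minor
// line, and anything at or above the highest fixed release is patched.
// Every other version is reported as unpatched so it gets a manual look.
function isPatched(versionOutput) {
  const v = parse(versionOutput);
  if (cmp(v, FIXED[FIXED.length - 1]) >= 0) return true;
  return FIXED.some(f => f[0] === v[0] && f[1] === v[1] && cmp(v, f) >= 0);
}
// Assumption: NODES_EXCLUDE holds a JSON array of node type names.
function httpNodeExcluded(env) {
  try {
    const list = JSON.parse(env.NODES_EXCLUDE || '[]');
    return Array.isArray(list) && list.includes(HTTP_NODE);
  } catch { return false; } // malformed value: treat the mitigation as absent
}
// Assumption: an exported workflow has a "nodes" array and HTTP Request
// pagination settings sit under parameters.options.pagination.
function paginatedHttpNodes(workflow) {
  return (workflow.nodes || [])
    .filter(n => n.type === HTTP_NODE && n.parameters?.options?.pagination)
    .map(n => `${workflow.name}/${n.name}`);
}
function triage(versionOutput, env, workflows) {
  const patched = isPatched(versionOutput);
  const excluded = httpNodeExcluded(env);
  return { patched, excluded, atRisk: !patched && !excluded,
           review: workflows.flatMap(paginatedHttpNodes) };
}
// Constructed sample workflow export (illustrative values only).
const SAMPLE = { name: 'sync-items', nodes: [
  { name: 'Fetch pages', type: HTTP_NODE,
    parameters: { options: { pagination: { pagination: {} } } } },
  { name: 'Ping', type: HTTP_NODE, parameters: { options: {} } },
  { name: 'Set', type: 'n8n-nodes-base.set', parameters: {} } ] };

console.log(triage('2.21.4', { NODES_EXCLUDE: '[]' }, [SAMPLE]));
```

Feed `triage` the output of `n8n --version`, the instance's environment, and the parsed workflow exports; the `review` list names the nodes whose editors and change history are worth auditing.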
