CVE-2026-44790
Awaiting Analysis Awaiting Analysis - Queue
Command Injection in n8n Workflow Automation Platform

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-23
Last Modified
2026-06-23
Generated
2026-06-23
AI Q&A
2026-06-23
EPSS Evaluated
N/A
NVD
CVE-2026-44790
EUVD
EUVD-2026-38484
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
n8n n8n to 1.123.43|end_excluding=2.20.7|end_excluding=2.22.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-88 The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows an authenticated user to read arbitrary files from the n8n server, potentially leading to full system compromise. Such unauthorized access to sensitive data can result in violations of data protection regulations like GDPR and HIPAA, which require strict controls over the confidentiality and integrity of personal and health information.

Because the vulnerability impacts confidentiality, integrity, and availability of data, it poses a significant risk to compliance with these standards, which mandate safeguarding sensitive information against unauthorized access and ensuring system security.

Mitigations such as upgrading to fixed versions or restricting permissions are critical to maintaining compliance and reducing the risk of data breaches.

Executive Summary

CVE-2026-44790 is a critical vulnerability in n8n, an open-source workflow automation platform. It affects versions prior to 1.123.43, 2.20.7, and 2.22.1.

The vulnerability occurs in the Git node's Push operation, where an authenticated user with permission to create or modify workflows can inject command-line interface (CLI) flags. This injection allows the attacker to read arbitrary files from the n8n server.

This flaw is due to improper neutralization of argument delimiters in command execution, classified as CWE-88.

The vulnerability has been fixed in versions 1.123.43, 2.22.1, and 2.20.7.

Impact Analysis

This vulnerability can have severe impacts including the potential for full system compromise.

An attacker who exploits this vulnerability can read arbitrary files on the n8n server, which may lead to unauthorized access to sensitive data.

The CVSS score of 9.4 (Critical) indicates high impacts on confidentiality, integrity, and availability of the affected system.

Detection Guidance

This vulnerability involves an authenticated user injecting CLI flags on the Git node's Push operation in n8n to read arbitrary files. Detection would focus on monitoring for unusual or unauthorized workflow modifications or suspicious Git node Push operations.

Since the vulnerability requires authenticated access with workflow creation or modification permissions, reviewing audit logs for unexpected workflow changes or Git node usage may help detect exploitation attempts.

No specific detection commands are provided in the available resources.

Mitigation Strategies

The primary mitigation is to upgrade n8n to version 1.123.43, 2.22.1, or 2.20.7 or later, where the vulnerability is fixed.

  • Restrict workflow creation and modification permissions to trusted users only.
  • Temporarily disable the Git node entirely to prevent exploitation via the Push operation.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44790. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart