CVE-2026-44791
Status: Awaiting Analysis
Remote Code Execution in n8n Workflow Automation Platform

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
Affected Vendors & Products
6 associated CPEs:

Vendor    Product    Version / Range
n8n-io    n8n        1.123.43
n8n-io    n8n        2.20.7
n8n-io    n8n        2.22.1
n8n-io    n8n        up to 1.123.43 (exclusive)
n8n-io    n8n        up to 2.20.7 (exclusive)
n8n-io    n8n        up to 2.22.1 (exclusive)
CWE ID Description
CWE-1321 The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
Impact Analysis

This vulnerability can have severe impacts as it enables an attacker with low privileges and no user interaction to execute arbitrary code remotely on the n8n host system. This can lead to full compromise of the affected system, including unauthorized access, data manipulation, and disruption of services.

Detection Guidance

There is no specific information provided about detection commands or methods to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability immediately, users should upgrade n8n to versions 1.123.43, 2.20.7, or 2.22.1 or later, where the issue is patched.

As a temporary mitigation, restrict workflow creation and editing permissions to trusted users only.

Alternatively, disable the XML node by adding it to the NODES_EXCLUDE environment variable. Note that these workarounds are not complete solutions and should only be used as short-term measures.
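A triage helper for the upgrade and NODES_EXCLUDE guidance above, as an added example that is not part of the advisory or the n8n project. It assumes the XML node's type name is n8n-nodes-base.xml, that NODES_EXCLUDE holds a JSON array of type names, and that a build counts as patched only on a fixed release line at or above the fixed patch level, or at or above the highest fixed release; the inventory is constructed sample data.

```javascript
// Added example, not n8n project code. Fixed releases come from the advisory text.
const FIXED = ["1.123.43", "2.20.7", "2.22.1"].map(parse);
// Assumption: type name of the XML node as listed in NODES_EXCLUDE.
const XML_NODE = "n8n-nodes-base.xml";

function parse(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Assumption: patched means same major.minor line as a fixed release with an
// equal or higher patch level, or at/above the highest fixed release.
// Everything else is conservatively reported as affected.
function isPatched(version) {
  const v = parse(version);
  const newest = FIXED.reduce((a, b) => (cmp(a, b) >= 0 ? a : b));
  if (cmp(v, newest) >= 0) return true;
  return FIXED.some((f) => f[0] === v[0] && f[1] === v[1] && cmp(v, f) >= 0);
}

// True only when NODES_EXCLUDE is a valid JSON array that lists the XML node.
function xmlNodeExcluded(nodesExclude) {
  if (!nodesExclude) return false;
  try {
    const list = JSON.parse(nodesExclude);
    return Array.isArray(list) && list.includes(XML_NODE);
  } catch {
    return false; // malformed value: do not count it as a mitigation
  }
}

function triage(version, nodesExclude) {
  if (isPatched(version)) return "patched";
  return xmlNodeExcluded(nodesExclude) ? "affected-workaround" : "affected";
}

// Constructed inventory (hostnames and values are sample data).
const inventory = [
  { host: "n8n-a.example", version: "1.123.42", nodesExclude: "" },
  { host: "n8n-b.example", version: "2.20.6", nodesExclude: '["n8n-nodes-base.xml"]' },
  { host: "n8n-c.example", version: "2.22.1", nodesExclude: "" },
];
for (const i of inventory) console.log(i.host, i.version, triage(i.version, i.nodesExclude));
```

Hosts reported as affected-workaround still need the upgrade, since the advisory treats the workarounds as short-term measures.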

Compliance Impact

The provided information does not specify how CVE-2026-44791 affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-44791 is a critical security vulnerability in the n8n workflow automation platform. It allows an authenticated user who has permission to create or modify workflows to bypass a previous patch related to the XML node. This bypass can be exploited, especially when combined with other nodes, to achieve Remote Code Execution (RCE) on the host system running n8n.
