Skip to main content

n8n CVE-2026-44789

| EUVDEUVD-2026-38483 CRITICAL
Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) (CWE-1321)
2026-05-14 https://github.com/n8n-io/n8n GHSA-c8xv-5998-g76h
9.4
CVSS 4.0 · Vendor: https://github.com/n8n-io/n8n
Share

Severity by source

Vendor (https://github.com/n8n-io/n8n) PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Network-reachable HTTP UI with low-privileged workflow-editor account (PR:L); AC:H because full RCE requires chaining a separate gadget per vendor; scope unchanged as impact stays within the n8n process.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (https://github.com/n8n-io/n8n).

CVSS VectorVendor: https://github.com/n8n-io/n8n

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
Jun 23, 2026 - 18:32 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 23, 2026 - 18:31 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 23, 2026 - 18:22 vuln.today
cvss_changed
CVSS changed
Jun 23, 2026 - 18:22 NVD
9.4 (CRITICAL)
Source Code Evidence Fetched
May 14, 2026 - 17:01 vuln.today
Analysis Generated
May 14, 2026 - 17:01 vuln.today
CVE Published
May 14, 2026 - 16:17 nvd
CRITICAL

DescriptionCVE.org

Impact

An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance.

Patches

The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only.
  • Disable the HTTP Request node by adding n8n-nodes-base.httpRequest to the NODES_EXCLUDE environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

--- n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AnalysisAI

Prototype pollution leading to remote code execution in n8n workflow automation platform allows authenticated users with workflow create/modify permissions to corrupt the global Object prototype via an unvalidated pagination parameter in the HTTP Request node. Affecting n8n versions before 1.123.43, 2.20.7, and 2.22.1, the flaw chains with other techniques to escalate to full instance compromise. No public exploit identified at time of analysis, with EPSS at 0.05% (16th percentile) indicating low observed exploitation interest despite CVSS 4.0 9.4 critical rating.

Technical ContextAI

n8n is a popular open-source workflow automation platform (fair-code licensed) built on Node.js, allowing users to chain HTTP requests, webhooks, and integrations into automation pipelines. The root cause is CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes - 'Prototype Pollution'), a JavaScript-specific class of bug where attacker-controlled keys (e.g., '__proto__', 'constructor.prototype') are merged into objects without filtering, mutating the global Object prototype and affecting all subsequent object lookups across the process. The vulnerable input path is the pagination parameter handling of the n8n-nodes-base.httpRequest node, where user-supplied data is processed without key sanitization. In Node.js environments, prototype pollution frequently chains into RCE via gadgets such as polluted child_process options, template engines, or library configuration objects - the advisory explicitly notes 'combined with other techniques this could lead to RCE'. Affected CPE is pkg:npm/n8n across multiple release lines (1.x and 2.x).

RemediationAI

Vendor-released patch: upgrade to n8n 1.123.43, 2.20.7, or 2.22.1 (or later) per the version branch in use, as documented in the GitHub Security Advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-c8xv-5998-g76h. If immediate upgrade is not possible, restrict workflow create and edit permissions to fully trusted operators only via n8n's role-based access controls - this directly removes the attacker prerequisite but is operationally disruptive for teams that delegate workflow authoring widely. As a second compensating control, disable the HTTP Request node entirely by adding n8n-nodes-base.httpRequest to the NODES_EXCLUDE environment variable; this eliminates the vulnerable code path but breaks any existing workflow that performs outbound HTTP calls, which is a core n8n use case and will likely halt many production automations. The vendor explicitly notes these workarounds do not fully remediate the risk.

CVE-2026-34621 HIGH POC
8.6 Apr 11

Prototype pollution in Adobe Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier enables arbitrary code execu

CVE-2024-56059 CRITICAL
9.8 Dec 18

Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unau

CVE-2020-28271 CRITICAL POC
9.8 Nov 12

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service

CVE-2023-38894 CRITICAL POC
9.8 Aug 16

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code vi

CVE-2024-24292 CRITICAL POC
9.8 Mar 28

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function

CVE-2023-26121 CRITICAL POC
10.0 Apr 11

All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper s

CVE-2021-23449 CRITICAL POC
10.0 Oct 18

This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitr

CVE-2024-39011 CRITICAL POC
9.8 Jul 30

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Ser

CVE-2024-38988 CRITICAL POC
9.8 Mar 28

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/inde

CVE-2025-57347 CRITICAL POC
9.8 Sep 24

A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConf

CVE-2025-57321 CRITICAL POC
9.8 Sep 24

A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 all

CVE-2024-45435 CRITICAL POC
9.8 Aug 29

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this

Share

CVE-2026-44789 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy