Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AC:H reflects the non-default prerequisite of a public webhook workflow using the Compression node; PR:N because no authentication is needed once that workflow exists; C:N/I:N as impact is purely availability.
Primary rating from Vendor (https://github.com/n8n-io/n8n).
CVSS VectorVendor: https://github.com/n8n-io/n8n
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Impact
The Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webhook workflow using this node, causing the n8n process to terminate due to memory exhaustion and disrupting all workflows in the same instance.
Patches
The issue has been fixed in n8n version 2.24.0. Users should upgrade to this version or later to remediate the vulnerability. The fix introduces configurable limits on decompressed output size (N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES) and ZIP entry count (N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES).
Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Disable the Compression node by adding
n8n-nodes-base.compressionto theNODES_EXCLUDEenvironment variable. - Restrict public webhook workflows that accept archive file uploads to authenticated endpoints only.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
AnalysisAI
Denial of service via ZIP decompression bomb in n8n's Compression node affects all versions prior to 2.24.0, allowing unauthenticated remote attackers to terminate the entire n8n process by submitting a maliciously crafted archive to any public webhook workflow that uses the Decompress operation. Memory exhaustion crashes the host process, taking every workflow on the instance offline simultaneously - a significant blast radius in production deployments. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the attack primitive is trivially constructible once a vulnerable workflow is identified.
Technical ContextAI
n8n is an open-source workflow automation platform distributed as an npm package (CPE: pkg:npm/n8n). The affected component is the built-in Compression node, specifically its Decompress operation, which processes ZIP and other archive formats supplied via workflow inputs. The root cause is CWE-409 (Improper Handling of Highly Compressed Data), the classic 'decompression bomb' or 'ZIP bomb' class: a small, valid compressed payload that expands to an arbitrarily large amount of data in memory upon decompression. Prior to 2.24.0, the node enforced no ceiling on decompressed output size or ZIP entry count, so an attacker could cause the Node.js process to allocate gigabytes of heap memory until the OS OOM-kills or the runtime crashes. The fix in 2.24.0 introduces two configurable environment variables - N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES and N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES - to impose configurable hard limits. The GitHub Security Advisory GHSA-jqpw-qww5-cj4c is the authoritative source.
RemediationAI
Vendor-released patch: n8n 2.24.0. Upgrade the n8n npm package to version 2.24.0 or later; after upgrading, configure the new environment variables N8N_COMPRESSION_NODE_MAX_DECOMPRESSED_SIZE_BYTES and N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES to enforce decompression limits appropriate for your workload - leaving these unconfigured may default to permissive values, so review vendor documentation for recommended settings. Full advisory and patch details are available at https://github.com/n8n-io/n8n/security/advisories/GHSA-jqpw-qww5-cj4c. If immediate upgrade is not feasible, two partial workarounds are available: (1) Disable the Compression node entirely by adding n8n-nodes-base.compression to the NODES_EXCLUDE environment variable and restarting n8n - this blocks the attack but will break any existing workflows that rely on the Compression node, requiring workflow redesign before re-enabling; (2) Convert all public webhook workflows that accept archive file uploads to require authentication, eliminating the unauthenticated attack surface - however, this does not protect against a malicious authenticated user and requires auditing all workflow webhook configurations. Neither workaround constitutes full remediation; they should be used only as short-term mitigations pending upgrade.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38462
GHSA-jqpw-qww5-cj4c