Skip to main content

n8n EUVDEUVD-2026-38484

| CVE-2026-44790 CRITICAL
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
2026-05-14 https://github.com/n8n-io/n8n GHSA-57g9-58c2-xjg3
9.4
CVSS 4.0 · Vendor: https://github.com/n8n-io/n8n
Share

Severity by source

Vendor (https://github.com/n8n-io/n8n) PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.9 CRITICAL

Network-reachable web UI (AV:N), trivial flag injection (AC:L), requires authenticated workflow editor (PR:L), no user interaction, host-level file read escapes app scope (S:C) with full CIA impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (https://github.com/n8n-io/n8n).

CVSS VectorVendor: https://github.com/n8n-io/n8n

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
Jun 23, 2026 - 18:31 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 23, 2026 - 18:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 23, 2026 - 18:22 vuln.today
cvss_changed
CVSS changed
Jun 23, 2026 - 18:22 NVD
9.4 (CRITICAL)
Source Code Evidence Fetched
May 14, 2026 - 17:02 vuln.today
Analysis Generated
May 14, 2026 - 17:02 vuln.today
CVE Published
May 14, 2026 - 16:17 nvd
CRITICAL

DescriptionCVE.org

Impact

An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise.

Patches

The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only.
  • Disable the Git node by adding n8n-nodes-base.git to the NODES_EXCLUDE environment variable.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

--- n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AnalysisAI

Argument injection in the n8n workflow automation platform's Git node allows authenticated users with workflow edit privileges to inject CLI flags into the Git Push operation, enabling arbitrary file read from the n8n server and potentially full host compromise. The flaw affects n8n versions prior to 1.123.43, 2.20.7, and 2.22.1, and is rated CVSS 9.4 (4.0) with no public exploit identified at time of analysis. EPSS is low at 0.04% (14th percentile), and the bug is classified under CWE-88 (Argument Injection).

Technical ContextAI

n8n is a Node.js-based, low-code workflow automation platform (npm package n8n) that ships built-in 'nodes' for integrating external services. The vulnerable component is the Git node (n8n-nodes-base.git), which invokes the git command line under the hood. CWE-88 (Improper Neutralization of Argument Delimiters) describes the root cause: user-controlled values passed to the Git Push operation are concatenated into the argv vector without proper separation, so a value beginning with - or -- is interpreted as a flag by git push. Because git supports options such as --upload-pack and --receive-pack that can execute helper programs, or features like core.sshCommand that read external files, attacker-controlled flags can be leveraged to read arbitrary files (and per the advisory, potentially escalate to full server compromise) under the n8n process identity.

RemediationAI

Vendor-released patches are available: upgrade to n8n 1.123.43, 2.20.7, or 2.22.1 (or any later release on those branches), as documented in the GitHub Security Advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-57g9-58c2-xjg3. If immediate upgrade is not possible, the vendor's documented workarounds are to disable the Git node entirely by adding n8n-nodes-base.git to the NODES_EXCLUDE environment variable (this breaks any existing workflows that rely on Git Push/Pull operations, so audit usage first), and to restrict workflow create/edit permissions strictly to fully trusted operator-level users, removing the editor role from any partially trusted accounts. Both mitigations are explicitly described as partial by the vendor and should be treated as temporary until the patched version is deployed.

Share

EUVD-2026-38484 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy