CVE Catalog

CVE-2026-44789

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile — higher than 40% of all known CVEs

Summary

n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node.

Risk Assessment

Combined with other techniques, this vulnerability could lead to remote code execution (RCE) on the instance, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to versions 1.123.43, 2.22.1, or 2.20.7 to mitigate this vulnerability.

Original NVD description (English source)

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS