CVE-2026-44791
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk41th percentile — higher than 41% of all known CVEs
Summary
n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node, potentially leading to RCE on the n8n host.
Risk Assessment
This vulnerability poses a risk of remote code execution, which could allow unauthorized users to gain control over the n8n system.
Recommendation
It is recommended to upgrade to versions 1.123.43, 2.22.1, or 2.20.7 to mitigate this vulnerability.
Original NVD description (English source)
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

