Loading market data...
← Back to CVE feed

CVE-2026-44789

CRITICAL CVSS 9.9 View on NVD ↗

Description

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

n8n/n8n
Published: Jun 23, 2026 17:16 UTC Modified: Jun 24, 2026 15:16 UTC