Loading market data...
← Back to CVE feed

CVE-2026-44791

CRITICAL CVSS 9.9 View on NVD ↗

Description

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

n8n/n8n
Published: Jun 23, 2026 17:16 UTC Modified: Jun 24, 2026 13:57 UTC