CVE-2026-44790

Published Jun 23, 2026

Last updated 11 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-44790 is a vulnerability affecting the n8n workflow automation platform, specifically within the Git node's Push operation. An authenticated user who possesses permissions to create or modify workflows can exploit this flaw by injecting command-line interface (CLI) flags. This injection allows the attacker to read arbitrary files from the n8n server. This vulnerability is categorized as an argument injection bug (CWE-88). Successful exploitation could lead to the exposure of sensitive information such as configuration data, API keys, or credentials. Patches for CVE-2026-44790 have been released in n8n versions 1.123.43, 2.20.7, and 2.22.1.

Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
Source
security-advisories@github.com
NVD status
Analyzed
Products
n8n

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-88

Social media

Hype score
Not currently trending
  1. CVE-2026-44789, CVE-2026-44790 & CVE-2026-44791: 3 new vulnerabilities in n8n, 9.4 rating 🔥 Recently disclosed vulnerabilities in n8n allow an attacker to read arbitrary files from the server, achieve global prototype pollution and bypass the patch for previous vulnerabil

    @Netlas_io

    20 May 2026

    5066 Impressions

    18 Retweets

    51 Likes

    23 Bookmarks

    2 Replies

    0 Quotes

  2. 🚨 Upozorňujeme na sérii zranitelností v platformě n8n, CVE-2026-44789, CVE-2026-44790 a CVE-2026-44791. Byly identifikovány tři kritické chyby v nativních uzlech HTTP Request, Git a XML, které umožňují nízko-privilegovaným autentizovaným útočníkům s opráv

    @GOVCERT_CZ

    20 May 2026

    559 Impressions

    2 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. n8nに重大な脆弱性(CVE-2026-44789・CVE-2026-44790・CVE-2026-44791) https://t.co/gsgKoLYpvA #セキュリティ対策Lab #security #securitynews

    @securityLab_jp

    20 May 2026

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2026-44790. 0day Intel: n8n fixes three critical 9.4 CVSS flaws (CVE-2026-44790/91/89). Authenticated us

    @lyrie_ai

    19 May 2026

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. n8nにCVSSスコア9.4の重大(Critical)な脆弱性が3件。CVE-2026-44790、CVE-2026-44791、CVE-2026-44789。ワークフローの作成/変更が可能なユーザがインフラ側で任意のコードを実行できる。修正版提供あり。 https://t.co/ioxgK7xj0u

    @__kokumoto

    18 May 2026

    1111 Impressions

    2 Retweets

    7 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨High - n8n Multiple Critical Vulnerabilities (CVE-2026-44791, CVE-2026-44792, CVE-2026-45732, CVE-2026-44789, CVE-2026-44790) Multiple high-severity vulnerabilities were disclosed in n8n, including Prototype Pollution leading to RCE (via XML Node and HTTP Request Node),

    @UpwindMDR

    14 May 2026

    80 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.