CVE-2026-44789
CRITICAL SEVERITYCVSS Score & Metrics
Base Score
9.9 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-1321
Source
GitHub
Vendor
npm
Product
n8n
Discussion (0)
Add Comment
No comments yet. Be the first!