Technical teams using the popular workflow automation platform n8n are facing a high-stakes security advisory after researchers exposed three distinct critical-severity vulnerabilities affecting core processing nodes.
The vulnerabilities, tracked as CVE-2026-44790, CVE-2026-44791, and CVE-2026-44789, each carry a severe CVSS score of 9.4. If exploited, an authenticated user possessing the rights to create or modify workflows can break out of standard operational constraints. This can allow them to read highly confidential server data or execute arbitrary code directly on the hosting instance, potentially triggering a total server takeover.
Given that n8n is actively relied upon by technical engineering teams to build complex automations with deep data permissions, these node-specific entry points represent an immediate and severe threat vector.
The first security gap, tracked as CVE-2026-44790, exists within n8n’s native Git integration node. An attacker can inject malicious command-line interface (CLI) flags into the Git “Push” operation.
By manipulating these parameters, an attacker can force the n8n server to look inward and read arbitrary files directly from the local server filesystem. In an automation environment, this could expose master API tokens, hardcoded operational secrets, or environment files, paving the way for full infrastructure compromise.
The second flaw, tracked as CVE-2026-44791, is a bypass of the patch for CVE-2026-42232 in the platform’s XML parsing node.
By overriding the previous security controls, an attacker can achieve prototype pollution within the application runtime. When chained with the functionality of adjacent processing nodes, this logical compromise can be escalated to full Remote Code Execution (RCE) on the n8n host instance.
The final 9.4 CVSS vulnerability, tracked as CVE-2026-44789, targets the widely used HTTP Request node. The issue stems from a lack of validation within the node’s built-in pagination configuration parameter.
An attacker can use this unvalidated input to trigger global prototype pollution across the application runtime. Once the JavaScript prototype chain is poisoned, the attacker can leverage auxiliary system behaviors to establish a full RCE foothold on the n8n instance.
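Both prototype-pollution flaws above belong to the same bug class: an object supplied by a workflow author is merged into internal state without its keys being checked. As an added example (not n8n’s code; the merge functions, the blocked-key list and the pagination config are constructed for illustration), here is a naive recursive merge that lets such an object reach Object.prototype, beside a hardened version that rejects prototype-related keys at any depth:

```javascript
// Added example, not n8n code: unvalidated object merge versus a hardened one.

// Vulnerable: recursive merge that trusts every key of the source object.
function unsafeMerge(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val && typeof val === "object") {
      // target["__proto__"] resolves to Object.prototype, so the recursion
      // writes into the prototype shared by every object in the runtime.
      if (!target[key] || typeof target[key] !== "object") target[key] = {};
      unsafeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hardened: own keys only, prototype-related keys rejected at any depth, and
// nested objects built with a null prototype so there is no chain to reach.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) throw new Error(`unsafe key in configuration: ${key}`);
    const val = source[key];
    if (val && typeof val === "object" && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : null;
      target[key] = safeMerge(own && typeof own === "object" ? own : Object.create(null), val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Constructed input: JSON.parse yields an own property literally named "__proto__".
const UNTRUSTED_CONFIG = JSON.parse('{"maxRequests":10,"__proto__":{"polluted":true}}');

// Shows the defect, then removes the pollution so the process is left clean.
function unsafeMergePollutes() {
  unsafeMerge({}, UNTRUSTED_CONFIG);
  const hit = ({}).polluted === true;
  delete Object.prototype.polluted;
  return hit;
}

// The hardened merge refuses the input and leaves Object.prototype untouched.
function safeMergeRejects() {
  try { safeMerge(Object.create(null), UNTRUSTED_CONFIG); return false; }
  catch (e) { return ({}).polluted === undefined; }
}
```

The same check belongs wherever node parameters are parsed from JSON or expressions, since JSON.parse happily creates an own property named `__proto__`.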
Because all three vulnerabilities share an identical risk rating, n8n’s engineering team has released a unified security update to address the entire triad simultaneously.
| CVE Identifier | Vulnerability Impact | Affected Native Node Component | Remediation Version |
| --- | --- | --- | --- |
| CVE-2026-44790 | Arbitrary File Read & Server Compromise | Git Node | 1.123.43, 2.20.7, or 2.22.1 (and later) |
| CVE-2026-44791 | XML Prototype Pollution to RCE | XML Node | 1.123.43, 2.20.7, or 2.22.1 (and later) |
| CVE-2026-44789 | Global Prototype Pollution to RCE | HTTP Request Node (Pagination parameter) | 1.123.43, 2.20.7, or 2.22.1 (and later) |
If immediate production upgrades are blocked by internal testing cycles, administrators are strongly advised to enforce immediate, temporary workarounds.
These workarounds are short-term defensive band-aids; they do not completely eliminate the architectural security risks and should only be sustained until a formal version patch can be deployed.
- Immediately revoke workflow creation and editing permissions from all standard user tiers, limiting configuration rights strictly to highly trusted platform administrators.
- If the affected integrations are not mission-critical, isolate and disable the problematic nodes by listing them in your deployment’s NODES_EXCLUDE environment variable.