Recent discoveries have unveiled critical vulnerabilities in n8n, a widely used workflow automation platform, that could enable attackers to achieve full remote code execution (RCE) on affected systems. These flaws, identified as CVE-2026-44789, CVE-2026-44790, and CVE-2026-44791, impact core components of n8n, including the HTTP Request, Git, and XML nodes.
Prototype Pollution in HTTP Request Node
The most severe of these vulnerabilities, CVE-2026-44789, resides in the HTTP Request node. Due to inadequate validation of pagination parameters, attackers can exploit this flaw to perform prototype pollution—a technique that allows manipulation of JavaScript object prototypes at a global level. This manipulation can be leveraged to execute arbitrary code on the host system, posing a significant risk to environments that rely heavily on automation.
Git Node Argument Injection
CVE-2026-44790 affects the Git node, where attackers can inject malicious command-line interface (CLI) flags during Git push operations. This vulnerability enables unauthorized reading of arbitrary files on the server, including sensitive configuration data and credentials. Such access can lead directly to full system compromise.
XML Node Patch Bypass
The third vulnerability, CVE-2026-44791, involves a patch bypass in the XML node. Despite previous fixes, attackers can still exploit prototype pollution through alternative methods. When combined with other vulnerabilities, this flaw can also result in remote code execution, effectively nullifying earlier security measures.
Affected Versions and Mitigation
These vulnerabilities affect n8n versions below 1.123.43, 2.20.7, and 2.22.1. Users are strongly advised to upgrade to versions 1.123.43, 2.20.7, 2.22.1, or later to mitigate these risks. For organizations unable to patch immediately, it is recommended to restrict workflow creation and editing permissions to trusted users. Additionally, administrators can disable the vulnerable nodes by setting the NODES_EXCLUDE environment variable as follows:
- Disable HTTP Request node: n8n-nodes-base.httpRequest
- Disable Git node: n8n-nodes-base.git
- Disable XML node: n8n-nodes-base.xml
However, these measures are temporary and do not fully eliminate the risk.
These vulnerabilities underscore the importance of rigorous security practices in automation platforms like n8n. Organizations should prioritize timely updates and implement strict access controls to safeguard against potential exploits.
Source: CyberSecurityNews
