Remote Code Execution Vulnerability in n8n Workflow Automation Platform
CVE-2026-44791

9.4CRITICAL

Key Information:

Vendor: N8n-io
Status: N8n
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-44791?

An authenticated user with permission to create or modify workflows in n8n prior to specified versions can exploit a bypass in the XML node. This vulnerability allows for potential remote code execution on the n8n host when combined with other nodes, posing a significant risk to system integrity. Users are encouraged to update to the latest versions for enhanced security.

Affected Version(s)

n8n < 1.123.43 < 1.123.43

n8n >= 2.0.0-rc.0, < 2.20.7 < 2.0.0-rc.0, 2.20.7

n8n >= 2.21.0, < 2.21.1 < 2.21.0, 2.21.1

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-wr...

x_refsource_CONFIRM

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44791 Data

JSON

N8n-io

What is CVE-2026-44791?

Affected Version(s)

References

CVSS V4

Timeline