Memory Exhaustion Vulnerability in n8n Automation Platform
CVE-2026-54314
6.3MEDIUM
What is CVE-2026-54314?
The n8n workflow automation platform is susceptible to a vulnerability where the Compression node's Decompress operation allows for the expansion of attacker-controlled archives into memory without imposing limits on the size of the decompressed output. This design flaw permits unauthenticated attackers to exploit public webhook workflows by sending small compressed archives, leading to memory exhaustion and halting all workflows within the affected instance. The issue has been addressed in version 2.24.0.
Affected Version(s)
n8n < 2.24.0
