Memory Exhaustion Vulnerability in n8n Automation Platform
CVE-2026-54314

6.3MEDIUM

Key Information:

Vendor

N8n-io

Status
Vendor
CVE Published:
23 June 2026

What is CVE-2026-54314?

The n8n workflow automation platform is susceptible to a vulnerability where the Compression node's Decompress operation allows for the expansion of attacker-controlled archives into memory without imposing limits on the size of the decompressed output. This design flaw permits unauthenticated attackers to exploit public webhook workflows by sending small compressed archives, leading to memory exhaustion and halting all workflows within the affected instance. The issue has been addressed in version 2.24.0.

Affected Version(s)

n8n < 2.24.0

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.