vulnerability context

CVE-2026-44790

CVSS 8.8 HIGHEPSS 46%CWE-88OTX 3 pulses

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

Published 2026-06-23 · last modified 2026-06-24

details

CISA KEV status: Not in catalog
CVSS v3: 8.8 / HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 46% percentile (score 0.0063)
CWE: CWE-88
OTX pulses: 3 total, 0 recent

View on NVD → · cve.org

source mentions 2

[CyberHub] 📌 CVE-2026-44790 - n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an aut...Bluesky:@cyberhub.blog · 1h ago
[CVE-2026-44790] n8n Has an Arbitrary File Read via Git NodeGitHub Advisories · 2026-05-14

source consensus

Bluesky:@cyberhub.blog1×
GitHub Advisories1×

Want the 3-bullet summary of CVE-2026-44790, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →