Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-44791

CVE-2026-44791: N8n Workflow Automation RCE Vulnerability

CVE-2026-44791 is a remote code execution vulnerability in N8n workflow automation platform that allows authenticated users to bypass security patches. This article covers the technical details, affected versions, and mitigation.

Published:

CVE-2026-44791 Overview

CVE-2026-44791 affects n8n, an open source workflow automation platform. The vulnerability allows an authenticated user with permission to create or modify workflows to bypass the prior fix for CVE-2026-42232 in the XML node. When the XML node is combined with other workflow nodes, the bypass can escalate to remote code execution (RCE) on the n8n host. The flaw is tracked under [CWE-1321] and is fixed in versions 1.123.43, 2.22.1, and 2.20.7.

Critical Impact

Authenticated workflow editors can chain the XML node bypass with other nodes to execute arbitrary code on the n8n host, compromising confidentiality, integrity, and availability.

Affected Products

  • n8n versions prior to 1.123.43
  • n8n versions prior to 2.22.1
  • n8n versions prior to 2.20.7

Discovery Timeline

  • 2026-06-23 - CVE-2026-44791 published to NVD
  • 2026-06-24 - Last updated in NVD database

Technical Details for CVE-2026-44791

Vulnerability Analysis

The vulnerability resides in the XML node of n8n, which previously received a patch for CVE-2026-42232. That earlier patch did not fully constrain how the XML node processes attacker-controlled input. An authenticated user with workflow create or modify privileges can craft an XML node configuration that evades the existing controls. When the output of the XML node feeds into subsequent nodes that evaluate expressions or invoke runtime functions, the chained data flow results in code execution on the n8n host.

The issue maps to [CWE-1321], Improperly Controlled Modification of Object Prototype Attributes ("Prototype Pollution"). Prototype pollution in a Node.js workflow engine is particularly impactful because downstream nodes share the polluted runtime, allowing the manipulated prototype to influence parsing, templating, or command-building logic in unrelated nodes.

Root Cause

The XML node's sanitization logic introduced for CVE-2026-42232 fails to fully neutralize structures that mutate Object.prototype during XML-to-object conversion. The bypass permits crafted XML payloads to set properties that persist on the shared prototype within the Node.js process.

Attack Vector

An authenticated attacker with workflow editing rights builds a workflow that submits crafted XML through the XML node. The polluted prototype then alters the behavior of a downstream node (for example, a node that performs expression evaluation, HTTP requests, or command execution), causing the n8n runtime to execute attacker-controlled code. The attack is network-reachable through the n8n editor or API and requires no user interaction beyond the attacker's own authenticated session.

No public proof-of-concept code is referenced in the advisory. See the GitHub Security Advisory GHSA-wrwr-h859-xh2r for vendor-supplied technical details.

Detection Methods for CVE-2026-44791

Indicators of Compromise

  • Unexpected creation or modification of workflows containing XML nodes followed by Code, Function, HTTP Request, or Execute Command nodes.
  • n8n process spawning child processes such as sh, bash, cmd.exe, or node with unusual command lines.
  • Outbound network connections from the n8n host to unfamiliar destinations shortly after workflow execution.
  • New or modified credentials, API tokens, or scheduled triggers added by non-administrative accounts.

Detection Strategies

  • Audit n8n workflow change logs for XML node payloads containing __proto__, constructor, or prototype keys.
  • Correlate workflow execution events with process and network telemetry on the n8n host to surface chained-node abuse.
  • Alert on n8n service accounts performing file writes outside the workflow data directory.

Monitoring Recommendations

  • Forward n8n audit logs and container or host telemetry to a centralized analytics platform for correlation.
  • Monitor the n8n version banner across deployments to confirm patched releases are in use.
  • Track authenticated API calls to /workflows endpoints by users who do not normally edit workflows.

How to Mitigate CVE-2026-44791

Immediate Actions Required

  • Upgrade n8n to 1.123.43, 2.22.1, or 2.20.7 depending on the deployed release line.
  • Review all existing workflows that use the XML node and validate their authors and recent modifications.
  • Rotate credentials and API keys stored in n8n if unauthorized workflow changes are detected.
  • Restrict workflow create and modify permissions to a minimal set of trusted users.

Patch Information

The vendor has released fixed builds in n8n 1.123.43, 2.22.1, and 2.20.7. Patch details and release notes are published in the n8n GitHub Security Advisory.

Workarounds

  • Remove or disable the XML node in environments where it is not required until patched versions are deployed.
  • Restrict the n8n editor and API to authenticated administrators using network controls or a reverse proxy.
  • Run n8n under a least-privilege service account and within an isolated container to limit blast radius if RCE occurs.
bash
# Upgrade n8n in a Docker deployment
docker pull n8nio/n8n:1.123.43
docker stop n8n && docker rm n8n
docker run -d --name n8n \
  -p 5678:5678 \
  -v n8n_data:/home/node/.n8n \
  n8nio/n8n:1.123.43

# Verify installed version
docker exec n8n n8n --version

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.