Description
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
Published: 2026-06-23
Score: 9.4 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

n8n's HTTP Request node accepts an unvalidated pagination parameter that allows authenticated users to perform global prototype pollution, which, when combined with additional techniques, can lead to remote code execution on the instance. The flaw is a classic prototype pollution attack (CWE‑1321) that can overwrite prototype properties and ultimately execute arbitrary code.

Affected Systems

The affected product is n8n from n8n‑io. Versions prior to 1.123.43, 2.22.1, and 2.20.7 are vulnerable. Users running any of these releases without the patch are at risk.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.4, indicating a critical impact. No EPSS data is available, and the flaw is not listed in the CISA KEV catalog. The attack requires an authenticated account with permission to create or modify workflows and can be achieved locally within the instance; no remote exploitation without credentials is documented.

Generated by OpenCVE AI on June 23, 2026 at 22:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 1.123.43, 2.22.1, or 2.20.7, whichever applies to your deployment, to apply the patch that removes the prototype pollution vulnerability.
  • Restrict workflow creation and modification privileges to trusted users only, and audit workflow changes for unusual activity.
  • Enforce that the pagination parameter of the HTTP Request node accepts only valid numeric values within a reasonable range and block requests with non‑numeric or out‑of‑range values pending the upgrade.

Generated by OpenCVE AI on June 23, 2026 at 22:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-c8xv-5998-g76h n8n: HTTP Request Node Pagination Prototype Pollution to RCE
History

Tue, 23 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.
Title n8n: HTTP Request Node Pagination Prototype Pollution to RCE
Weaknesses CWE-1321
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T15:52:45.321Z

Reserved: 2026-05-07T19:20:44.691Z

Link: CVE-2026-44789

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T22:15:04Z

Weaknesses
  • CWE-1321

    Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')