Critical n8n Vulnerabilities Enable Remote Code Execution Risks
Severity: High (Score: 69.8)
Sources: Cybersecuritynews, Gbhackers
Published: · Updated:
Keywords: critical, vulnerabilities, automation, security, flaws, attackers, achieve
Severity indicators: critical, vulnerabilities, security flaw, security flaws, flaw, rce
Summary
Multiple critical vulnerabilities have been identified in the n8n workflow automation platform, allowing attackers to potentially achieve full remote code execution (RCE). These vulnerabilities, tracked as CVE-2026-44789, CVE-2026-44790, and CVE-2026-44791, affect various core nodes and impact n8n versions prior to 1.123.43, 2.20.7, and 2.22.1. Researchers have indicated that these flaws can be chained together, significantly increasing the risk of exploitation. The vulnerabilities were disclosed through GitHub Security Advisories, prompting urgent attention from users of the platform. As of now, no patches have been mentioned in the articles, leaving systems vulnerable. Organizations using affected versions are advised to assess their exposure and implement necessary security measures. Key Points: • Critical vulnerabilities in n8n allow for potential remote code execution. • Affected versions include those prior to 1.123.43, 2.20.7, and 2.22.1. • No patches have been released yet, increasing the urgency for users to secure their systems.
Detailed Analysis
**Impact** The vulnerabilities affect multiple core nodes of the n8n workflow automation platform, impacting versions prior to 1.123.43, 2.20.7, and 2.22.1. Organizations using these versions across various sectors that rely on automation workflows are at risk of remote code execution (RCE), potentially leading to full system compromise. The geographic scope and exact number of affected deployments are not specified in the articles. **Technical Details** Attackers can chain multiple flaws to achieve full RCE on affected systems. The vulnerabilities are tracked as CVE-2026-44789, CVE-2026-44790, and CVE-2026-44791 and were disclosed via GitHub Security Advisories. The attack vector involves exploitation of core automation nodes within n8n, but no specific malware, tools, or IOCs are mentioned. These flaws enable attackers to execute code remotely, corresponding to the execution phase in the kill chain. **Recommended Response** Apply the latest patches by upgrading n8n to versions 1.123.43, 2.20.7, or 2.22.1 or later as applicable. Monitor network and system logs for unusual activity related to workflow execution and remote code execution attempts. Harden configurations by restricting access to n8n instances and enforcing least privilege principles. No specific IOCs or detection signatures are provided in the articles.
Source articles (2)
- Critical n8n Vulnerabilities Expose Automation Nodes to Full RCE — Cybersecuritynews · 2026-05-18
A fresh set of critical vulnerabilities in the popular workflow automation platform n8n is raising serious security concerns, as researchers warn that attackers could chain multiple flaws to achieve f… - n8n Security Flaws Could Let Attackers Achieve Remote Code Execution — Gbhackers · 2026-05-18
A set of critical vulnerabilities in the popular workflow automation platform n8n has raised serious security concerns, with researchers warning that attackers could chain multiple flaws to achieve fu…
Timeline
- 2026-05-18 — Critical vulnerabilities disclosed: Researchers disclosed multiple critical vulnerabilities in n8n that could lead to full remote code execution.
- 2026-05-18 — Vulnerabilities tracked as CVEs: The vulnerabilities are tracked as CVE-2026-44789, CVE-2026-44790, and CVE-2026-44791, impacting core nodes.
CVEs
Related entities
- Zero-day Exploit (Attack Type)
- N8n (Platform)