CRITICAL · CVE-2026-44790 · CNA: GitHub_M

CVE-2026-44790: n8n: Arbitrary File Read via Git Node

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. This vulnerability is fixed in 1.123.43, 2.22.1, and 2.20.7.

Metrics

CVSS v4.0: 9.4
Severity: CRITICAL
Fixed in: 1.123.43, 2.22.1, 2.20.7
Affected Products: 1


HarborGuard Analysis

Synopsis

This is a CLI argument injection vulnerability in n8n, an open-source workflow automation platform. An authenticated user with permission to create or modify workflows can supply Git node parameters that the Push operation hands to the git command line, and a value that git parses as an option rather than an operand lets the attacker add flags of their choosing. The advisory describes the outcome as an arbitrary file read: any file readable by the n8n process can be exposed, and the High impact ratings for confidentiality, integrity, and availability (VC:H/VI:H/VA:H on the vulnerable system, SC:H/SI:H/SA:H on subsequent systems) are why the advisory warns of full compromise. Fixed versions are 1.123.43, 2.22.1, and 2.20.7; HarborGuard tracks the advisory and makes a patched-image rebuild available once the matching fix version appears in the n8n release feed.
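To make the bug class concrete, the following is an added example written for this page; it is not n8n's or HarborGuard's code and does not reproduce the exact parameter or git flag involved in CVE-2026-44790. It models a hypothetical Git node that takes a remote name and a branch from the workflow and builds an argv array for `git`, shows how a workflow-controlled value becomes an injected option, and contrasts it with a hardened builder that rejects option-like operands and terminates option parsing with `--`.

```javascript
// Added example (not n8n or HarborGuard code). Models CLI option injection into
// a `git push` argv array built from workflow-controlled values.
// Assumptions: a hypothetical node with `remote` and `branch` parameters that
// runs git via execFile()/spawn() with an argv array (no shell).

// Vulnerable builder: workflow-controlled strings become positional arguments.
// Passing an argv array blocks *shell* metacharacters, but git's option parser
// still treats any argument beginning with "-" as an option, so whoever
// controls `branch` can smuggle in arbitrary git flags.
function buildPushArgsVulnerable(remote, branch) {
  return ['push', remote, branch];
}

// Any argument after the subcommand that looks like an option (and is not the
// "--" separator) is an injected flag from the attacker's point of view.
function findInjectedOptions(args) {
  return args.slice(1).filter((a) => a.startsWith('-') && a !== '--');
}

// Hardened builder:
//  1. reject values git would parse as options (leading "-"),
//  2. restrict remote and branch names to a conservative character set,
//  3. end option parsing with "--" so everything after it is an operand.
// "--" is honoured by git's parse-options; `--end-of-options` (git >= 2.24)
// is the explicit alternative where a literal "--" is unwanted.
const SAFE_OPERAND = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

function assertSafeGitOperand(value, what) {
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error(`${what} must be a non-empty string`);
  }
  if (value.startsWith('-')) {
    throw new Error(`${what} must not start with "-" (git would parse it as an option): ${JSON.stringify(value)}`);
  }
  if (!SAFE_OPERAND.test(value)) {
    throw new Error(`${what} contains characters outside the allowed set: ${JSON.stringify(value)}`);
  }
  return value;
}

function buildPushArgsSafe(remote, branch) {
  return ['push', '--', assertSafeGitOperand(remote, 'remote'), assertSafeGitOperand(branch, 'branch')];
}

// Constructed input: a stand-in for an injected option, not the flag used
// against n8n.
const injectedBranch = '--injected-option=/some/file';

console.log('vulnerable argv:', buildPushArgsVulnerable('origin', injectedBranch));
console.log('injected options:', findInjectedOptions(buildPushArgsVulnerable('origin', injectedBranch)));
console.log('safe argv:', buildPushArgsSafe('origin', 'feature/add-check'));
try {
  buildPushArgsSafe('origin', injectedBranch);
} catch (e) {
  console.log('rejected:', e.message);
}
```

The point a practitioner should take from this is that switching from `exec()` to `execFile()`/`spawn()` closes shell injection but not argument injection; the operand still has to be validated, and `--` (or `--end-of-options`) should separate options from operands whenever a subprocess argument comes from user-controlled data.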

HarborGuard Coverage

Detection

Detection of CVE-2026-44790 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built n8n images. Coverage extends to any image layer that includes an affected n8n release, regardless of how the image was assembled.

Available
Triage

Triage is available: the CVE is scored CVSS 9.4 (Critical, v4.0) and surfaced against each environment's compliance policy weighting, so the finding is routed to the correct team inbox without manual sorting. Per-environment policy rules can escalate or suppress the alert based on factors such as whether the n8n service is internet-exposed or restricted to internal networks. Note that the vector is AV:N/PR:L: any account that can reach the UI or API and edit workflows qualifies, so internal-only exposure reduces rather than removes the risk.

Available
Patch

The advisory lists fix versions 1.123.43, 2.22.1, and 2.20.7. HarborGuard re-checks the advisory on every ingest cycle and makes a patched-image rebuild available as soon as the matching fix version is present in the n8n release feed. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads are triggered without manual intervention once that release is available.

Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the n8n web interface or API over the network; the service exposes HTTP endpoints that are the entry point for exploitation (AV:N).

  • Authentication: Required

    A valid account with permission to create or edit workflows is needed; any low-privilege account granted that permission is sufficient (PR:L).

  • Victim interaction: Not required

    No action from another user or administrator is needed; the attacker triggers the vulnerable Git Push operation directly through their own session (UI:N).

  • Attack complexity: Low

    Exploitation is straightforward (AC:L/AT:N): no race conditions, memory layout dependencies, or special environmental factors are required.

Blast Radius

  • Reads arbitrary files readable by the n8n process, including n8n's own configuration and data (by default ~/.n8n/config, which holds the encryption key protecting stored credentials, and the SQLite database alongside it), environment files, and any SSH keys the application uses for Git access.
  • Exposes or alters workflow definitions and stored secrets, enabling a pivot to the third-party services those workflows integrate with.
  • Compromises systems downstream of n8n by replaying harvested credentials or API tokens against the external services the workflows interact with (the SC:H/SI:H/SA:H subsequent-system ratings).
  • Can disrupt n8n service availability, for example by altering configuration the service depends on (VA:H).

How HarborGuard Handles This

Available on HarborGuard: the advisory lists fix versions 1.123.43, 2.22.1, and 2.20.7, and the platform re-checks the advisory on every ingest cycle and surfaces a patched-image rebuild as soon as the matching fix version is present in the n8n release feed. Until the upgrade is rolled out, compensating controls available within HarborGuard include network-policy isolation recommendations that flag internet-exposed n8n deployments for review, and policy rules that can gate workflow-creation permissions to a minimal trusted set of accounts. For customers with auto-remediation enabled, the full rebuild, regression test run, and PR flow triggers automatically against affected workloads, with no manual steps required. Customers running affected n8n image versions are advised to upgrade to a fixed release and, in the meantime, to restrict workflow edit permissions to the smallest possible set of accounts, keep the n8n service off the public internet, and run n8n as a low-privileged user whose read access is limited to what it needs, since the file read happens with the n8n process's own permissions.
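For teams that want to check whether anyone has already planted option-like values in existing workflows, the following is an added example, not HarborGuard or n8n code: a hunt over exported n8n workflow JSON. It assumes the export shape `{ nodes: [{ name, type, parameters }] }` and that the Git node's `type` contains "git" (n8n's built-in node is `n8n-nodes-base.git`); it does not assume parameter names and instead walks every string parameter of a Git node, flagging values that begin with "-" and, separately, expression-valued parameters (which start with "=" in n8n and are only resolved at run time, so they need manual review).

```javascript
// Added example (not HarborGuard or n8n code): hunt exported n8n workflow JSON
// for Git nodes carrying option-like parameter values.
// Assumptions: export shape { nodes: [{ name, type, parameters }] }; Git node
// type contains "git"; parameter names are NOT assumed, all strings are walked.

// Yield every string leaf under `value` with its dotted path.
function* walkStrings(value, path = []) {
  if (typeof value === 'string') {
    yield { path: path.join('.'), value };
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkStrings(value[i], [...path, String(i)]);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* walkStrings(v, [...path, k]);
  }
}

// Classify one parameter string: "expression" values (n8n's "=" prefix) are
// resolved at run time and cannot be judged statically, "leading-dash" values
// would be parsed as options if passed to git unguarded.
function classifyParameter(value) {
  if (value.startsWith('=')) return 'expression';
  if (/^\s*-/.test(value)) return 'leading-dash';
  return null;
}

function findSuspiciousGitNodes(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    if (!/git/i.test(node.type || '')) continue; // only Git nodes are in scope
    for (const { path, value } of walkStrings(node.parameters || {})) {
      const reason = classifyParameter(value);
      if (reason) findings.push({ node: node.name, path, value, reason });
    }
  }
  return findings;
}

// Constructed sample export (not a real workflow); parameter names under
// `parameters` are invented for the sample, the hunt does not rely on them.
const sampleWorkflow = {
  name: 'sample',
  nodes: [
    { name: 'Push clean', type: 'n8n-nodes-base.git',
      parameters: { operation: 'push', repositoryPath: '/data/repo', options: { remote: 'origin', branch: 'main' } } },
    { name: 'Push tampered', type: 'n8n-nodes-base.git',
      parameters: { operation: 'push', repositoryPath: '/data/repo', options: { remote: 'origin', branch: '--injected-option=/some/file' } } },
    { name: 'Push dynamic', type: 'n8n-nodes-base.git',
      parameters: { operation: 'push', repositoryPath: '/data/repo', options: { remote: 'origin', branch: '={{ $json.ref }}' } } },
    { name: 'HTTP', type: 'n8n-nodes-base.httpRequest',
      parameters: { url: '--not-a-git-node' } },
  ],
};

for (const f of findSuspiciousGitNodes(sampleWorkflow)) {
  console.log(`${f.reason}: node "${f.node}" parameter ${f.path} = ${JSON.stringify(f.value)}`);
}
```

Run it against each workflow exported from the affected instance (or the `workflow_entity` rows of the database). "leading-dash" hits are direct evidence of an injection attempt; "expression" hits are not findings by themselves but mark the parameters whose run-time value an attacker could have steered from upstream nodes, so review what feeds them.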

Affected packages
  • n8n-io / n8n
    < 1.123.43 · >= 2.0.0-rc.0, < 2.20.7 · >= 2.21.0, < 2.21.1
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H