{"data":{"id":"29f001b7-b998-47ce-a42e-3e940ee2e03a","title":"GHSA-57g9-58c2-xjg3: n8n Has an Arbitrary File Read via Git Node","summary":"A vulnerability in n8n (a workflow automation tool) allows authenticated users with permission to create or modify workflows to read arbitrary files from the server by injecting malicious commands into the Git node's Push operation. This could potentially give an attacker complete control over the n8n server.","solution":"Upgrade to n8n versions 1.123.43, 2.20.7, or 2.22.1 or later. If upgrading immediately is not possible, temporarily limit workflow creation and editing permissions to trusted users only, or disable the Git node by adding `n8n-nodes-base.git` to the `NODES_EXCLUDE` environment variable (though these workarounds do not fully fix the risk and should only be used short-term).","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-57g9-58c2-xjg3","publishedAt":"2026-05-14T16:17:35.000Z","cveId":"CVE-2026-44790","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.0.0-rc.0, < 2.20.7 (fixed: 2.20.7)","n8n@>= 2.21.0, < 2.22.1 (fixed: 2.22.1)","n8n@< 1.123.43 (fixed: 1.123.43)"],"affectedVendors":[],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-14T16:17:35.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}