Attack Chain

1. An attacker gains authenticated access to an n8n instance.
2. The attacker obtains permissions to create or modify workflows within n8n.
3. The attacker creates or modifies a workflow to include the Git node.
4. Within the Git node’s configuration, specifically the Push operation, the attacker injects malicious CLI flags. These flags are crafted to read arbitrary files from the server’s file system (e.g., using git --help).
5. The workflow is executed, and the Git node attempts to perform the Push operation with the injected flags.
6. Due to the flag injection, the Git command executes with the attacker-supplied arguments.
7. The attacker retrieves the contents of the targeted file, which may contain sensitive information.
8. The attacker leverages the stolen information to further compromise the n8n instance or connected systems.

Impact

Successful exploitation of CVE-2026-44790 allows an attacker to read arbitrary files from the n8n server. This can expose sensitive information such as API keys, credentials, configuration files, and other internal data. A successful attack could lead to full compromise of the n8n instance and potentially impact connected systems and data. The severity of the impact is critical due to the potential for complete system takeover and sensitive data exposure.

Recommendation

• Upgrade n8n to version 1.123.43, 2.20.7, 2.22.1, or later to patch CVE-2026-44790 as mentioned in the advisory.
• Limit workflow creation and editing permissions to only fully trusted users as a short-term workaround.
• Deploy the Sigma rule Detect n8n Git Node CLI Injection to identify potential exploitation attempts by monitoring process execution with suspicious Git commands.
• Monitor n8n application logs for Git node operations involving unusual command-line arguments, focusing on commands that attempt to read files outside the intended Git repository.