Tag
An authenticated user with workflow creation or modification permissions can inject CLI flags into the Git node's Push operation, leading to arbitrary file read on the n8n server; patched in versions 1.123.43, 2.20.7, and 2.22.1, and tracked as CVE-2026-44790.