CVE-2026-44789 | n8n-io n8n up to 1.123.42/2.20.6/2.21.0 HTTP Request prototype pollution (GHSA-c8xv-5998-g76h)
A vulnerability classified as critical has been found in n8n-io n8n up to 1.123.42/2.20.6/2.21.0. The impacted element is an unknown function of the component HTTP Request Handler. This manipulation causes improperly controlled modification of object prototype attributes.
This vulnerability appears as CVE-2026-44789. The attack may be initiated remotely. There is no available exploit.
It is recommended to upgrade the affected component.