PatchSiren


CVE-2026-54313 n8n-io CVE debrief

CVE-2026-54313 is a medium-severity vulnerability in n8n, an open-source workflow automation platform. An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with attacker-controlled content. This vulnerability is fixed in version 2.24.0. Users of affected versions should update to 2.24.0 or later to mitigate this risk.

Vendor: n8n-io
Product: n8n
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-25
Advisory published: 2026-06-23
Advisory updated: 2026-06-25

Who should care

Users of n8n versions prior to 2.24.0 who have workflow edit access should be aware of this vulnerability. This includes administrators and developers who manage workflows in n8n. Updating to version 2.24.0 or later will mitigate this risk.

Technical summary

CVE-2026-54313 affects the Find And Replace operation of the MongoDB node in the n8n workflow automation platform. An authenticated user with workflow edit access can provide a malicious filter value that is not validated before being used as a MongoDB query filter, so unintended documents can be matched and overwritten with attacker-controlled content. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 6.5, indicating a medium severity level. The vulnerability has been fixed in n8n version 2.24.0.
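
The missing control described above, as an added example that is not n8n's code or its 2.24.0 fix: a strict validator applied to a caller-supplied filter before it reaches a MongoDB replace call. The function name, the allow-listed field names and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example, not n8n code. ALLOWED_FIELDS and validateReplaceFilter are
// hypothetical names; the field names are constructed for illustration.
const ALLOWED_FIELDS = new Set(["orderId", "email"]);

function isScalar(value) {
  return (
    typeof value === "string" ||
    typeof value === "boolean" ||
    (typeof value === "number" && Number.isFinite(value))
  );
}

// Accepts a JSON string or an already-parsed object and returns
// { ok: true, filter } or { ok: false, reason }.
function validateReplaceFilter(raw) {
  let parsed;
  try {
    parsed = typeof raw === "string" ? JSON.parse(raw) : raw;
  } catch {
    return { ok: false, reason: "filter is not valid JSON" };
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return { ok: false, reason: "filter must be a JSON object" };
  }
  const keys = Object.keys(parsed);
  if (keys.length === 0) {
    // An empty filter matches every document in the collection.
    return { ok: false, reason: "empty filter" };
  }
  const filter = {};
  for (const key of keys) {
    if (key.startsWith("$") || key.includes(".")) {
      return { ok: false, reason: `operator or dotted key rejected: ${key}` };
    }
    if (!ALLOWED_FIELDS.has(key)) {
      return { ok: false, reason: `field not allow-listed: ${key}` };
    }
    if (!isScalar(parsed[key])) {
      // An object value can carry query operators; only scalar equality is allowed.
      return { ok: false, reason: `non-scalar value for field: ${key}` };
    }
    filter[key] = parsed[key];
  }
  return { ok: true, filter };
}

// Constructed sample inputs: only the first is accepted.
const SAMPLES = ['{"orderId":"A-1001"}', "{}", '{"orderId":{"$ne":null}}'];
const RESULTS = SAMPLES.map((sample) => validateReplaceFilter(sample));
```

Only the rebuilt `filter` object from a successful result should be handed to the database driver, never the raw input.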

Defensive priority

Defenders should prioritize updating n8n to version 2.24.0 or later. In the meantime, they should monitor workflow edits and MongoDB interactions for suspicious activity.

Recommended defensive actions

  • Update n8n to version 2.24.0 or later.
  • Monitor workflow edits and MongoDB interactions for suspicious activity.
  • Restrict workflow edit access to trusted users.
  • Implement additional logging and monitoring of MongoDB operations.
  • Consider compensating controls such as IP restrictions or network segmentation.

Evidence notes

The CVE-2026-54313 vulnerability was published on June 23, 2026, and last modified on June 25, 2026. The vulnerability is described in the CVE record and the NVD detail page. A mitigation or vendor reference is available on the GitHub advisory page.

Official resources

This article is AI-assisted and based on the supplied source corpus.