PatchSiren cyber security CVE debrief

CVE-2026-54314 n8n-io CVE debrief

CVE-2026-54314 is a memory-exhaustion vulnerability in the n8n workflow automation platform, located in the Compression node's Decompress operation. Prior to version 2.24.0, an unauthenticated attacker who could reach a public webhook workflow that passes its input to this operation could submit a small compressed archive that expands far beyond available memory (a decompression bomb). The n8n process then terminates, and every workflow running on that instance is disrupted until it restarts. The issue carries a CVSS v4.0 base score of 6.3 (MEDIUM) and was fixed in version 2.24.0. The CVE was published on June 23, 2026, and the record was last modified on June 25, 2026.

Vendor
n8n-io
Product
n8n
CVSS
MEDIUM 6.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-23
Original CVE updated
2026-06-25
Advisory published
2026-06-23
Advisory updated
2026-06-25

Who should care

Operators of n8n instances, and in particular anyone exposing a public (unauthenticated) webhook workflow in which the request body or an attachment reaches the Compression node's Decompress operation. Because the crash takes down the whole n8n process, every other workflow on that instance is affected too, so teams that consolidate many integrations on one instance have the most to lose even if only one workflow is exposed. Administrators should confirm they are running version 2.24.0 or later.

Technical summary

The Compression node's Decompress operation in n8n versions prior to 2.24.0 expanded attacker-controlled archives into memory without enforcing a limit on decompressed output size. A compressed archive can be orders of magnitude smaller than its contents, so a few kilobytes submitted to a public webhook workflow that feeds its input to this operation were enough to exhaust the process's memory; the n8n process terminates, and every workflow on that instance stops until it is restarted. The root cause is the missing bound on output size, not the archive format itself.

The CVSS v4.0 base vector is CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (threat and environmental metrics are not defined in the record). The attack is network-reachable with no privileges and no user interaction, but AT:P records the precondition that a workflow must already exist which exposes Decompress to untrusted input; the impact is to availability only. Note that the record scores availability impact as Low even though a single successful request restarts the whole instance, so operators running many workflows on one instance should treat the practical impact as higher than the score alone suggests.

Defensive priority

Update to 2.24.0 or later promptly; the fix lives in the node itself. Until the upgrade lands, remove or restrict unauthenticated access to any webhook workflow that decompresses caller-supplied data, and make sure the process is supervised (a memory limit plus automatic restart) so that a crash is contained and recovers instead of silently stopping every workflow.

Recommended defensive actions

  • Update n8n instances to version 2.24.0 or later.
  • Until then, disable, or add authentication to (the Webhook node's authentication option), any public webhook workflow whose input reaches the Compression node's Decompress operation. An attacker needs only one small request, so rate limiting and request body size limits at the reverse proxy do not prevent the crash; they only slow down repeats.
  • Inventory workflows that use the Compression node and check whether any of them decompress data that originates from untrusted callers; archives from trusted internal sources are not a path for this issue.
  • Run n8n under a memory limit with automatic restart (container limits or a process supervisor) so that a crash is contained and recovers, and monitor for unexpected process restarts, OOM kills and webhook requests carrying small compressed payloads.
  • Treat rate limiting and IP blocking as compensating controls that reduce repeated abuse, not as a substitute for the upgrade.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and vector. The source item URL provides additional information on the vulnerability, including its status and references. The mitigation or vendor reference provides information on how to fix the vulnerability.

Official resources

This article is AI-assisted and based on the supplied source corpus.