CVE Vulnerabilities

CVE-2026-54314

Improper Handling of Highly Compressed Data (Data Amplification)

Published: Jun 23, 2026 | Modified: Jun 25, 2026
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression nodes Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webhook workflow using this node, causing the n8n process to terminate due to memory exhaustion and disrupting all workflows in the same instance. This vulnerability is fixed in 2.24.0.

Weakness

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

Affected Software

NameVendorStart VersionEnd Version
N8nN8n*2.24.0 (excluding)

References