CVE-2026-54314

Name: CVE-2026-54314 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-54314

MEDIUM

CVSS v4.0: 6.3

NetworkNo privilegesNo user interactionVendor advisory ref

Source data as of: 2026-06-24 05:00:54 UTC

At a glance

Severity: MEDIUM
CVSS: 6.3 v4.0 · NVD
EPSS: EPSS not provided by FIRST.org for this CVE
CISA KEV: No
Attack conditions (CVSS vector): NetworkNo privilegesNo user interaction · Source: NVD Vector
Published: 2026-06-23 · Modified: 2026-06-23
References: Jump to references (1)

CVSS / EPSS / KEV

CVSS v4.0 6.3 / 10 MEDIUM Source: NVD

EPSS — EPSS not provided by FIRST.org for this CVE Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public webhook workflow using this node, causing the n8n process to terminate due to memory exhaustion and disrupting all workflows in the same instance. This vulnerability is fixed in 2.24.0.

Record details

CVE ID: CVE-2026-54314
CVSS (v4.0): 6.3 (MEDIUM)
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA KEV: No
Weakness (CWE): CWE-409
Affected configurations (CPE): 0
Published: 2026-06-23
Modified: 2026-06-23
Status: Undergoing Analysis

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Vendor advisory https://github.com/n8n-io/n8n/security/advisories/GHSA-jqpw-qww5-cj4c

← Back to all records

CVE-2026-54314

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same weakness type (CWE)

Published the same year