n8n Node.js Package < 1.123.48 / 2.x < 2.21.8 / 2.22.x < 2.22.4 Sandbox Escape (CVE-2026-49444)

high Nessus Plugin ID 321510

Version 1.4

Jun 26, 2026, 4:08 PM

  • Plugin metadata (Add IAVM Info)

Plugin Feed: 202606261608

Version 1.3

Jun 25, 2026, 9:10 AM

  • CVSS metrics ("Cvssv4 score" set to 7.1)
  • CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U")
  • CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N")

Plugin Feed: 202606250910

Version 1.2

Jun 20, 2026, 5:45 PM

  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C")
  • CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C")
  • Exploit attributes ("Exploit available" set to "False")
  • Exploit attributes ("Exploitability ease" set to "No known exploits are available")

Plugin Feed: 202606201745

Version 1.1

Jun 19, 2026, 1:00 AM

  • New

Plugin Feed: 202606190100

* Changelogs are generally available for changes made after Nov 1, 2022