49 matches found
n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution
n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...
Arbitrary Argument Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary Argument Injection in a push operation. A user with permission to create or modify workflows can read arbitrary files on the server by injecting CLI flags during workflow creation or...
NPM: n8n Has an Arbitrary File Read via Git Node
NPM: n8n Has an Arbitrary File Read via Git Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...
GHSA-57G9-58C2-XJG3 n8n Has an Arbitrary File Read via Git Node
Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. Patches The issue has been fixed in n8n versions 1.123.43,...
n8n Has an Arbitrary File Read via Git Node
Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. Patches The issue has been fixed in n8n versions 1.123.43,...
EUVD-2026-27102
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...
n8n Node.js Package < 1.123.10 / 2.x < 2.5.0 OS Command Injection (CVE-2026-25053)
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.10, or 2.x prior to 2.5.0. It is, therefore, affected by a command injection vulnerability: - Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute...
CVE-2026-25053
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...
Command Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Command Injection via the Git node. An attacker can execute arbitrary system commands or read arbitrary files on the host by creating or modifying workflows as an authenticated user with the necessa...
n8n has OS Command Injection in Git Node
Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...
GHSA-9G95-QF3F-GGRW n8n has OS Command Injection in Git Node
Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...
CVE-2026-25053
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...
EUVD-2026-5418
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...
CVE-2026-25053
CVE-2026-25053 affects n8n's Git node, where authenticated users with workflow creation/modification permissions could execute arbitrary system commands or read arbitrary files on the n8n host. The issue is fixed in versions 1.123.10 and 2.5.0; users should upgrade to at least these releases. If ...
CVE-2026-25053
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...
CVE-2026-25053 n8n is Vulnerable to OS Command Injection in Git Node
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...
CVE-2026-25053 n8n is Vulnerable to OS Command Injection in Git Node
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...
CVE-2026-25053 n8n is Vulnerable to OS Command Injection in Git Node
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...
PT-2026-6262
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.10 n8n versions prior to 2.5.0 Description n8n, an open source workflow automation platform, contains a flaw in the Git node. This allows authenticated users with create or modify permissions for workflows to execut...
n8n 操作系统命令注入漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.10 and 2.5.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from vulnerabilities in the Git node, potentially allowing for the execution o...