CVE-2026-49465

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...

CVE-2026-44790

CVE-2026-44790 affects the n8n platform. An authenticated user with permission to create or modify workflows can inject CLI flags on the Git node’s Push operation, enabling reading of arbitrary files from the n8n server and potentially leading to full compromise. Public details confirm the issue ...

CVE-2026-44790 n8n: Arbitrary File Read via Git Node

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leadi...

EUVD-2026-38484

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leadi...

CVE-2026-49465

Summary: n8n before versions 1.123.48, 2.21.8, and 2.22.4 contains a vulnerability where an authenticated user with permission to create or modify workflows can supply a local filesystem path as the source (Clone) or target (Push) repository for the Git node, bypassing the N8N_RESTRICT_FILE_ACCES...

n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution

n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...

n8n: Git Node Clone and Push Operations Bypass File Sandbox

Impact An authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8NRESTRICTFILEACCESSTO file sandbox. This allowed the...

PT-2026-50151

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.48 n8n versions prior to 2.21.8 n8n versions prior to 2.22.4 Description An authenticated user with permissions to create or modify workflows can bypass the N8N RESTRICT FILE ACCESS TO file sandbox. By providing a...

GHSA-57G9-58C2-XJG3 n8n Has an Arbitrary File Read via Git Node

Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. Patches The issue has been fixed in n8n versions 1.123.43,...

Arbitrary Argument Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary Argument Injection in a push operation. A user with permission to create or modify workflows can read arbitrary files on the server by injecting CLI flags during workflow creation or...

NPM: n8n Has an Arbitrary File Read via Git Node

NPM: n8n Has an Arbitrary File Read via Git Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

n8n Has an Arbitrary File Read via Git Node

Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. Patches The issue has been fixed in n8n versions 1.123.43,...

EUVD-2026-27102

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...

n8n Node.js Package < 1.123.10 / 2.x < 2.5.0 OS Command Injection (CVE-2026-25053)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.10, or 2.x prior to 2.5.0. It is, therefore, affected by a command injection vulnerability: - Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute...

CVE-2026-25053

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...

Command Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Command Injection via the Git node. An attacker can execute arbitrary system commands or read arbitrary files on the host by creating or modifying workflows as an authenticated user with the necessa...

n8n has OS Command Injection in Git Node

Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...

GHSA-9G95-QF3F-GGRW n8n has OS Command Injection in Git Node

Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...

CVE-2026-25053

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...

CVE-2026-25053 n8n is Vulnerable to OS Command Injection in Git Node

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...