49 matches found
PT-2026-6403
Impact Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. Patches The issue has been fixed in n8n versions 2.5.0, and 1.123.10. Users should upgrade to this version...
CVE-2026-21877
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...
CVE-2026-21877 n8n is vulnerable to Remote Code Execution via Arbitrary File Write
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...
Arbitrary File Upload
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary File Upload via the Git Node. An authenticated user can achieve execution of untrusted code by uploading malicious files that are subsequently executed by the service. This can lead to ful...
Arbitrary File Upload
Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Arbitrary File Upload via the Git Node. An authenticated user can achieve execution of untrusted code by uploading malicious files that are subsequently executed by the service. This can lead to...
n8n Vulnerable to RCE via Arbitrary File Write
Impact n8n is affected by an authenticated Remote Code Execution RCE vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud...
PT-2026-1583
Name of the Vulnerable Software and Affected Versions n8n versions 0.121.2 through 1.121.2 n8n versions 0.123.0 through 1.121.3 Description n8n, an open-source workflow automation platform, is affected by a critical authenticated Remote Code Execution RCE vulnerability CVE-2026-21877. A successfu...
CVE-2025-65964
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...
CVE-2025-65964 n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...
EUVD-2025-201815
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...
CVE-2025-65964
Summary: CVE-2025-65964 affects n8n open source workflow automation. Versions 0.123.1 through 1.119.1 allow remote code execution via the Git node’s pre-commit hook handling. The issue arises because Add Config can set arbitrary Git values (e.g., core.hooksPath), enabling a malicious Git hook to ...
Unsafe Dependency Resolution
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Git node process, leading to code execution. A user can execute arbitrary system commands by setting a malicious core.hooksPath configuration and including a...
Unsafe Dependency Resolution
Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Git node process, leading to code execution. A user can execute arbitrary system commands by setting a malicious core.hooksPath configuration and including a crafted Git hook in a repository, which i...
GHSA-WPQC-H9WP-CHMQ n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Impact The n8n Git node allows workflows to set arbitrary Git configuration values through the Add Config operation. When an attacker-controlled workflow sets core.hooksPath to a directory within the cloned repository containing a Git hook such as pre-commit, Git executes that hook during...
n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
Impact The n8n Git node allows workflows to set arbitrary Git configuration values through the Add Config operation. When an attacker-controlled workflow sets core.hooksPath to a directory within the cloned repository containing a Git hook such as pre-commit, Git executes that hook during...
PT-2025-49610
Name of the Vulnerable Software and Affected Versions n8n versions 0.123.1 through 1.119.1 Description n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 lack sufficient protections against Remote Code Execution RCE through the project's pre-commit hooks. The Add...
Exploit for CVE-2025-62726
N8N Remote Code Execution CVE-2025-62726 POC/Exploit This vul...
CVE-2025-62726
n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...
CVE-2025-62726
n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...
Unsafe Dependency Resolution
Amendment This issue was found to be a duplicate. The original vulnerability with details can be found here. Credit: Assaf Levkovich...