n8n Node.js Package < 1.121.3 RCE (CVE-2026-21877)

The version of the n8n Node.js Package installed on the remote host is prior to 1.121.3. It is, therefore, affected by a remote code execution vis expression injection vulnerability: - Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n...

n8n Users Urged to Patch CVSS 10.0 Full System Takeover Vulnerability

A critical vulnerability CVE-2026-21877 found by Upwind affects n8n automation tools. Learn why researchers are urging users to update to version 1.121.3 immediately to prevent remote code execution...

CVE-2026-21877

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...

CVE-2026-21877

n8n versions up to 0.121.2 and 0.123.0–1.121.2 are affected by CVE-2026-21877, a critical authenticated remote code execution via arbitrary file write in the Git node. Exploitation requires authentication and could lead to full system compromise. Mitigation: upgrade to n8n v1.121.3 or later; or t...

n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution RCE. The vulnerability, which has been assigned the CVE identifier CVE-2026-21877 , is rated 10.0 on the CVSS scoring...

Arbitrary File Upload

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary File Upload via the Git Node. An authenticated user can achieve execution of untrusted code by uploading malicious files that are subsequently executed by the service. This can lead to ful...

GHSA-V364-RW7M-3263 n8n Vulnerable to RCE via Arbitrary File Write

Impact n8n is affected by an authenticated Remote Code Execution RCE vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud...

n8n Vulnerable to RCE via Arbitrary File Write

Impact n8n is affected by an authenticated Remote Code Execution RCE vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud...

PT-2026-1583

Name of the Vulnerable Software and Affected Versions n8n versions 0.121.2 through 1.121.2 n8n versions 0.123.0 through 1.121.3 Description n8n, an open-source workflow automation platform, is affected by a critical authenticated Remote Code Execution RCE vulnerability CVE-2026-21877. A successfu...