Headline
GHSA-365g-vjw2-grx8: n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host
Impact
The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully trusted.
An attacker—either a malicious user or someone who has compromised a legitimate user account—could exploit this node to run arbitrary commands on the host machine, potentially leading to data exfiltration, service disruption, or full system compromise.
This vulnerability affects all n8n deployments where:
- The
Execute Commandnode is enabled, and - Not all user accounts are strictly controlled and trusted.
n8n.cloud is not impacted.
Patches
No code changes have been made to alter the behavior of the Execute Command node. The recommended mitigation is to disable the node by default in environments where it is not explicitly required.
Future n8n versions may change the default availability of this node.
Workarounds
Administrators can disable the Execute Command node by setting the following environment variable before starting n8n:
export NODES_EXCLUDE: "[\"n8n-nodes-base.executeCommand\"]"
References
n8n docs: Execute Command n8n docs: Blocking nodes
Impact
The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully trusted.
An attacker—either a malicious user or someone who has compromised a legitimate user account—could exploit this node to run arbitrary commands on the host machine, potentially leading to data exfiltration, service disruption, or full system compromise.
This vulnerability affects all n8n deployments where:
- The Execute Command node is enabled, and
- Not all user accounts are strictly controlled and trusted.
n8n.cloud is not impacted.
Patches
No code changes have been made to alter the behavior of the Execute Command node. The recommended mitigation is to disable the node by default in environments where it is not explicitly required.
Future n8n versions may change the default availability of this node.
Workarounds
Administrators can disable the Execute Command node by setting the following environment variable before starting n8n:
export NODES_EXCLUDE: "[\"n8n-nodes-base.executeCommand\"]"
References
n8n docs: Execute Command
n8n docs: Blocking nodes
References
- GHSA-365g-vjw2-grx8