Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-v364-rw7m-3263: n8n Vulnerable to RCE via Arbitrary File Write

Impact

n8n is affected by an authenticated Remote Code Execution (RCE) vulnerability.

Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance.

Both self-hosted and n8n Cloud instances are impacted.

Patches

The issue has been resolved in n8n version 1.121.3.

Users are advised to upgrade to this version or later to fully address the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators can reduce exposure by disabling the Git node and limiting access for untrusted users.

References

ghsa
Open in Source
#vulnerability#git#rce#auth

Impact

n8n is affected by an authenticated Remote Code Execution (RCE) vulnerability.

Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance.

Both self-hosted and n8n Cloud instances are impacted.

Patches

The issue has been resolved in n8n version 1.121.3.

Users are advised to upgrade to this version or later to fully address the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators can reduce exposure by disabling the Git node and limiting access for untrusted users.

References

  • n8n documentation: Blocking access to nodes

References

  • GHSA-v364-rw7m-3263

Related news

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been

n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system. "Under certain conditions, an authenticated user may be able to cause untrusted code to be

ghsa: Latest News

GHSA-rhfx-m35p-ff5j: `IterMut` violates Stacked Borrows by invalidating internal pointer
ghsa