n8n is Vulnerable to OS Command Injection in Git Node

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.

Basic Information

ID CVE-2026-25053

Source GitHub_M

Published Feb 4, 2026 at 16:47

Affected Product

Vendor n8n-io

Product n8n

Version < 1.123.10

Affected Versions n8n-io n8n < 1.123.10
n8n-io n8n < 2.5.0

CWE Classification

CWE-78

References

github.com /n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw

{
    "lastseen": "",
    "description": "n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.",
    "published": "2026-02-04T16:47:13.939Z",
    "modified": "2026-02-04T16:47:13.939Z",
    "type": "cve",
    "title": "n8n is Vulnerable to OS Command Injection in Git Node",
    "source": "GitHub_M",
    "references": "https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw",
    "id": "CVE-2026-25053",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "n8n-io n8n < 1.123.10\nn8n-io n8n < 2.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "n8n",
    "version": "< 1.123.10",
    "vendor": "n8n-io",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

n8n is Vulnerable to OS Command Injection in Git Node_CVE-2026-25053