CVE-2026-21877
Remote Code Execution in n8n Workflow Automation Platform
Publication date: 2026-01-08
Last updated on: 2026-01-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| n8n-io | n8n | From 0.123.0 (inc) to 1.121.3 (exc) |
| n8n-io | n8n | to 0.121.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-21877 is a critical Remote Code Execution (RCE) vulnerability in the n8n workflow automation platform (versions 0.121.2 and below). An authenticated attacker can exploit an arbitrary file write flaw to execute malicious code on the n8n service. This flaw allows the attacker to run untrusted code remotely without user interaction, potentially leading to full system compromise. The vulnerability is related to unrestricted file uploads and unsafe repository path access in the Git node component. It has been fixed by adding checks to block unsafe repository paths and prevent unauthorized file system operations. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to a full compromise of both self-hosted and n8n Cloud instances. An attacker with low privileges and no user interaction can remotely execute arbitrary code, which can result in complete loss of confidentiality, integrity, and availability of the affected system. This means sensitive data could be exposed or altered, and the service could be disrupted or controlled by the attacker. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should upgrade n8n to version 1.121.3 or later. As a temporary measure before upgrading, disable the Git node and restrict access to the n8n service for untrusted users to reduce exposure. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an authenticated attacker to execute arbitrary code, potentially leading to full system compromise, which can result in unauthorized access, modification, or disruption of sensitive data. Such impacts on confidentiality, integrity, and availability could lead to non-compliance with standards and regulations like GDPR and HIPAA that require protection of personal and sensitive data. Therefore, organizations using affected versions of n8n may face compliance risks if the vulnerability is exploited. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2026-21877 involves identifying if your n8n instance is running a vulnerable version (0.121.2 and below, or up to but not including 1.121.3). You can check the n8n version by running the command `n8n --version` on the system hosting n8n. Additionally, monitoring for unusual Git node activity or unauthorized file system access attempts related to repository paths may help detect exploitation attempts. Since the vulnerability involves an arbitrary file write via the Git node, reviewing logs for errors like "Access to the repository path is not allowed" (which appears in patched versions) can indicate attempts to exploit the issue. There are no specific network detection commands provided in the resources. The recommended action is to upgrade to version 1.121.3 or later and disable the Git node or restrict access to untrusted users as temporary mitigations. [1, 2]