CVE-2026-33724
SSH Host Key Verification Bypass in n8n Source Control Enables MITM
Publication date: 2026-03-25
Last updated on: 2026-03-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| n8n | n8n | to 2.5.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33724 is a moderate severity vulnerability in the n8n workflow automation platform versions prior to 2.5.0. It occurs when the Source Control feature is enabled and configured to use SSH for git operations. In this configuration, the SSH command disables host key verification, which normally ensures the authenticity of the remote Git server.
Because host key verification is disabled, a network attacker positioned between the n8n instance and the Git server can perform a man-in-the-middle (MITM) attack by presenting a fraudulent host key. This allows the attacker to intercept repository data or inject malicious content into workflows.
This vulnerability only affects instances where the Source Control feature is explicitly enabled and configured to use SSH, which is not the default setting. The issue was fixed in n8n version 2.5.0.
How can this vulnerability impact me? :
If your n8n instance is configured to use the Source Control feature with SSH, this vulnerability allows a network attacker to intercept and manipulate the connection between your n8n instance and the remote Git server.
- The attacker can inject malicious content into your workflows, potentially compromising automated processes.
- The attacker can intercept sensitive repository data, leading to confidentiality breaches.
These impacts can undermine the integrity and confidentiality of your automation workflows and data.
The vulnerability has a CVSS 4.0 base score of 6.3, indicating moderate severity with low confidentiality and integrity impacts but no availability impact.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects n8n instances where the Source Control feature is explicitly enabled and configured to use SSH for git operations with host key verification disabled.
To detect if your system is vulnerable, you should check the n8n configuration to see if Source Control is enabled and using SSH with disabled host key verification.
You can inspect the SSH command or configuration used by n8n for git operations to verify if host key verification is disabled (for example, by checking for the presence of the SSH option '-o StrictHostKeyChecking=no').
Suggested commands include:
- Review n8n configuration files or environment variables related to Source Control and SSH settings.
- Use commands like `ps aux | grep ssh` on the n8n host to see if SSH commands are run with options disabling host key verification.
- Check network traffic between the n8n instance and the Git server for unusual SSH handshake behavior or unexpected host keys.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade n8n to version 2.5.0 or later, where the vulnerability has been fixed.
If upgrading immediately is not possible, consider the following temporary mitigations:
- Disable the Source Control feature if it is not actively required.
- Restrict network access so that the n8n instance communicates with the Git server only over trusted and controlled network paths.
Note that these workarounds do not fully eliminate the risk and should only be used as short-term measures until an upgrade can be performed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows a network attacker to perform a man-in-the-middle attack by presenting a fraudulent host key when the Source Control feature is configured to use SSH without host key verification. This could lead to interception of repository data or injection of malicious content into workflows.
Such unauthorized access and potential data manipulation could impact the confidentiality and integrity of data managed by the n8n platform, which may affect compliance with data protection standards and regulations like GDPR and HIPAA that require safeguarding sensitive data against unauthorized access and tampering.
However, this vulnerability only affects instances where the Source Control feature is explicitly enabled and configured to use SSH with disabled host key verification, which is not the default setting. Remediation by upgrading to version 2.5.0 or later is advised to mitigate this risk.