Description
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.
Published: 2026-01-08
Score: 10 Critical
EPSS: 10.7% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

n8n, an open source workflow automation platform, suffers from a critical flaw that allows an authenticated attacker to write arbitrary files to the server through the Git node. By leveraging this, the attacker can place malicious code on the host and trigger its execution, leading to full system compromise. The issue affects n8n versions 0.121.2 and earlier and is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and CWE-94 (Improper Control of Generation of Code, 'Code Injection').

Affected Systems

Affected systems include the n8n-io:n8n product (CPE cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*), in both self-hosted deployments and the n8n Cloud offering. Any installation running the vulnerable 0.121.2 release or earlier is susceptible. The vulnerability is fixed in release 1.121.3.

Risk and Exploitability

The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) scores 10.0: the attack is reachable over the network, requires only a low-privileged authenticated account and no user interaction, and the scope change reflects that code execution on the host reaches beyond the n8n application itself. The EPSS estimate of about 11% indicates a moderate probability of exploitation in the wild over the next 30 days. The vulnerability is not listed in the CISA KEV catalog and the SSVC assessment records no known exploitation, but because the only barrier is a valid account, operators should patch immediately and, until they can, disable the Git node and restrict which users may access the service.

Generated by OpenCVE AI on May 18, 2026 at 14:39 UTC.

Remediation

Vendor fix: upgrade to n8n 1.121.3 or later. Vendor-suggested interim workaround: disable the Git node and limit access for untrusted users.

OpenCVE Recommended Actions

  • Upgrade to n8n version 1.121.3 or later to eliminate the vulnerable code path.
  • Disable the Git node functionality to remove the vector for arbitrary file writes.
  • Restrict or remove the ability of untrusted or low-privilege users to interact with the n8n service.
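The three actions above, as an added triage helper (example code written for this page, not part of n8n or OpenCVE). It compares an installed n8n version string against the fixed release and builds the value for n8n's documented NODES_EXCLUDE environment variable, which takes a JSON array of node type names; the Git node's type name `n8n-nodes-base.git` is an assumption to verify against your installation.

```python
"""Triage helpers for CVE-2026-21877 (n8n RCE via Git node arbitrary file write)."""
import json
import re
from typing import Tuple

# Release carrying the vendor fix, per the advisory text.
FIXED_VERSION = "1.121.3"

# n8n's NODES_EXCLUDE setting takes a JSON array of node type names.
# ASSUMPTION: the Git node's internal type name is "n8n-nodes-base.git";
# confirm against the node package metadata in your own install.
GIT_NODE_TYPE = "n8n-nodes-base.git"

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse "1.121.3", "v1.121.3" or "1.121.3-rc.1" into a comparable tuple.

    Raises ValueError on anything that is not a three-part version, so a
    garbled inventory entry fails loudly instead of being silently "patched".
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def needs_upgrade(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the running n8n is older than the release carrying the fix.

    Pre-release suffixes are ignored, so 1.121.3-rc.1 compares equal to
    1.121.3; treat pre-release builds conservatively if you run them.
    """
    return parse_version(installed) < parse_version(fixed)


def nodes_exclude_value(*node_types: str) -> str:
    """Build the NODES_EXCLUDE value: a JSON-encoded, de-duplicated list."""
    return json.dumps(list(dict.fromkeys(node_types)))


def triage(installed: str) -> dict:
    """Summarise what an operator should do for one instance."""
    upgrade = needs_upgrade(installed)
    return {
        "installed": installed,
        "fixed_in": FIXED_VERSION,
        "needs_upgrade": upgrade,
        # Interim hardening only matters while the instance is unpatched.
        "interim_env": {"NODES_EXCLUDE": nodes_exclude_value(GIT_NODE_TYPE)} if upgrade else {},
    }


if __name__ == "__main__":
    # Constructed sample inputs, e.g. collected from `n8n --version` on each host.
    for v in ["1.120.4", "1.121.3", "v1.122.0"]:
        print(json.dumps(triage(v)))
```

Feed it the version strings from your inventory; any instance reported with needs_upgrade set should get the NODES_EXCLUDE value in its environment until it is moved to 1.121.3 or later.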

Advisories
Source: GitHub GHSA
ID: GHSA-v364-rw7m-3263
Title: n8n Vulnerable to RCE via Arbitrary File Write
History

Tue, 20 Jan 2026 15:15:00 +0000

Values Added:
CPEs: cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*

Thu, 08 Jan 2026 19:15:00 +0000

Values Added:
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 08 Jan 2026 10:00:00 +0000

Values Added:
First Time appeared: N8n; N8n n8n
Vendors & Products: N8n; N8n n8n

Thu, 08 Jan 2026 01:00:00 +0000

Values Added:
Description: n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.
Title: n8n is vulnerable to Remote Code Execution via Arbitrary File Write
Weaknesses: CWE-434, CWE-94
References:
Metrics: cvssV3_1 {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-08T18:59:10.198Z

Reserved: 2026-01-05T17:24:36.928Z

Link: CVE-2026-21877

Vulnrichment

Updated: 2026-01-08T18:59:07.481Z

NVD

Status : Analyzed

Published: 2026-01-08T01:15:55.697

Modified: 2026-01-20T15:08:24.850

Link: CVE-2026-21877

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T14:45:16Z

Weaknesses