Description
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key, potentially injecting malicious content into workflows or intercepting repository data. This issue only affects instances where the Source Control feature has been explicitly enabled and configured to use SSH (non-default). The issue has been fixed in n8n version 2.5.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Disable the Source Control feature if it is not actively required, and/or restrict network access to ensure the n8n instance communicates with the Git server only over trusted, controlled network paths. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Published: 2026-03-25
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential code injection via compromised Git repository
Action: Immediate Patch
AI Analysis

Impact

n8n, an open source workflow automation platform, was found to disable SSH host key verification when the Source Control feature is set to use SSH. This configuration allows a network attacker positioned between the n8n instance and the remote Git server to perform a man‑in‑the‑middle attack, presenting a fraudulent host key and thereby injecting malicious content into pulled workflows or intercepting repository data. The vulnerability can be exploited by any adversary able to observe or manipulate the network traffic to the Git server, potentially leading to unauthorized code execution or data exfiltration.

Affected Systems

The issue affects all deployments of n8n-io's n8n platform that enable the Source Control feature with SSH prior to version 2.5.0. Earlier releases before 2.5.0 are vulnerable, while versions 2.5.0 and later have the fix applied. Administrators should verify the version of n8n installed to determine exposure.

Risk and Exploitability

The CVSS score of 6.3 indicates a moderate severity, but the EPSS score of less than 1% suggests low exploitation likelihood in the wild. The vulnerability is not listed in CISA's KEV catalog, reducing immediate threat visibility. Exploitation requires a network attacker capable of intercepting traffic between the n8n instance and the Git server, implying that the attack vector is primarily network-based MITM. Despite the low EPSS, the potential for code injection warrants prompt action.

Generated by OpenCVE AI on March 27, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade n8n to version 2.5.0 or later to enable proper host key verification.
  • If an upgrade is not immediately possible, disable the Source Control feature within n8n to eliminate the vulnerable configuration.
  • Alternatively, restrict the network path between the n8n instance and the Git server so that traffic can only flow over trusted, controlled networks, thereby reducing exposure to MITM attacks.

Generated by OpenCVE AI on March 27, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-43v7-fp2v-68f6 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
History

Fri, 27 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared N8n
N8n n8n
Vendors & Products N8n
N8n n8n

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key, potentially injecting malicious content into workflows or intercepting repository data. This issue only affects instances where the Source Control feature has been explicitly enabled and configured to use SSH (non-default). The issue has been fixed in n8n version 2.5.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Disable the Source Control feature if it is not actively required, and/or restrict network access to ensure the n8n instance communicates with the Git server only over trusted, controlled network paths. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
Title n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
Weaknesses CWE-639
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L'}

Subscriptions

N8n N8n
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-25T20:06:16.722Z

Reserved: 2026-03-23T17:34:57.559Z

Link: CVE-2026-33724

cve-icon Vulnrichment

Updated: 2026-03-25T20:05:22.876Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T19:16:51.323

Modified: 2026-03-27T19:32:03.647

Link: CVE-2026-33724

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-29T20:28:13Z

Weaknesses