Vulnerability-Lookup

CVE-2026-21893 (GCVE-0-2026-21893)

Vulnerability from cvelistv5 – Published: 2026-02-04 17:36 – Updated: 2026-02-04 19:33

Title

n8n Vulnerable to Command Injection in Community Package Installation

Summary

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3.

Severity ?

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/n8n-io/n8n/security/advisories…	x_refsource_CONFIRM
	https://github.com/n8n-io/n8n/commit/ae0669a736cc…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n8n-io	n8n	Affected: >= 0.187.0, < 1.120.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21893",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T19:33:16.360319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-04T19:33:50.547Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n8n",
          "vendor": "n8n-io",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.187.0, \u003c 1.120.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n\u2019s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-04T17:36:51.690Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m"
        },
        {
          "name": "https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838"
        }
      ],
      "source": {
        "advisory": "GHSA-7c4h-vh2m-743m",
        "discovery": "UNKNOWN"
      },
      "title": "n8n Vulnerable to Command Injection in Community Package Installation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-21893",
    "datePublished": "2026-02-04T17:36:51.690Z",
    "dateReserved": "2026-01-05T17:24:36.929Z",
    "dateUpdated": "2026-02-04T19:33:50.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-21893\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-04T18:16:08.410\",\"lastModified\":\"2026-02-05T14:57:20.563\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n\u2019s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.4,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21893\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-04T19:33:16.360319Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-04T19:33:31.179Z\"}}], \"cna\": {\"title\": \"n8n Vulnerable to Command Injection in Community Package Installation\", \"source\": {\"advisory\": \"GHSA-7c4h-vh2m-743m\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"n8n-io\", \"product\": \"n8n\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.187.0, \u003c 1.120.3\"}]}], \"references\": [{\"url\": \"https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m\", \"name\": \"https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838\", \"name\": \"https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n\\u2019s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-04T17:36:51.690Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-21893\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-04T19:33:50.547Z\", \"dateReserved\": \"2026-01-05T17:24:36.929Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-04T17:36:51.690Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2026-0318

Vulnerability from csaf_certbund - Published: 2026-02-04 23:00 - Updated: 2026-02-05 23:00

Summary

n8n: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

n8n ist ein Workflow-Automatisierungstool, mit dem verschiedene Anwendungen und Dienste miteinander verbunden werden können, um Aufgaben zu automatisieren.

Angriff

Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in n8n ausnutzen, um beliebigen Code auszuführen, sich erhöhte Berechtigungen zu verschaffen, Cross-Site-Scripting-Angriffe durchzuführen und vertrauliche Informationen offenzulegen. Über einige dieser Schwachstellen sind weitere Angriffe möglich, wie beispielsweise die Übernahme von Konten, das Hijacking von Sitzungen und die vollständige Kompromittierung des Systems.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "n8n ist ein Workflow-Automatisierungstool, mit dem verschiedene Anwendungen und Dienste miteinander verbunden werden k\u00f6nnen, um Aufgaben zu automatisieren.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter oder anonymer  Angreifer kann mehrere Schwachstellen in n8n ausnutzen, um beliebigen Code auszuf\u00fchren, sich erh\u00f6hte Berechtigungen zu verschaffen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren und vertrauliche Informationen offenzulegen. \u00dcber einige dieser Schwachstellen sind weitere Angriffe m\u00f6glich, wie beispielsweise die \u00dcbernahme von Konten, das Hijacking von Sitzungen und die vollst\u00e4ndige Kompromittierung des Systems.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0318 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0318.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0318 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0318"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/advisories/GHSA-49mx-fj45-q3p6"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv-mcr9"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/advisories/GHSA-qpq4-pw7f-pp8w"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc"
      },
      {
        "category": "external",
        "summary": "n8n GitHub vom 2026-02-04",
        "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924-xhgx"
      },
      {
        "category": "external",
        "summary": "PoC CVE-2026-25049 vom 2026-02-04",
        "url": "https://www.pillar.security/blog/n8n-sandbox-escape-critical-vulnerabilities-in-n8n-exposes-hundreds-of-thousands-of-enterprise-ai-systems-to-complete-takeover"
      }
    ],
    "source_lang": "en-US",
    "title": "n8n: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-05T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-05T14:24:22.187+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0318",
      "initial_release_date": "2026-02-04T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-04T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-02-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "doppelte Eintragung bereinigt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.4.8",
                "product": {
                  "name": "n8n n8n \u003c2.4.8",
                  "product_id": "T050537"
                }
              },
              {
                "category": "product_version",
                "name": "2.4.8",
                "product": {
                  "name": "n8n n8n 2.4.8",
                  "product_id": "T050537-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.4.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.120.3",
                "product": {
                  "name": "n8n n8n \u003c1.120.3",
                  "product_id": "T050538"
                }
              },
              {
                "category": "product_version",
                "name": "1.120.3",
                "product": {
                  "name": "n8n n8n 1.120.3",
                  "product_id": "T050538-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.120.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.5.0",
                "product": {
                  "name": "n8n n8n \u003c2.5.0",
                  "product_id": "T050539"
                }
              },
              {
                "category": "product_version",
                "name": "2.5.0",
                "product": {
                  "name": "n8n n8n 2.5.0",
                  "product_id": "T050539-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.5.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.10",
                "product": {
                  "name": "n8n n8n \u003c1.123.10",
                  "product_id": "T050540"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.10",
                "product": {
                  "name": "n8n n8n 1.123.10",
                  "product_id": "T050540-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.5.2",
                "product": {
                  "name": "n8n n8n \u003c2.5.2",
                  "product_id": "T050541"
                }
              },
              {
                "category": "product_version",
                "name": "2.5.2",
                "product": {
                  "name": "n8n n8n 2.5.2",
                  "product_id": "T050541-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.5.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.17",
                "product": {
                  "name": "n8n n8n \u003c1.123.17",
                  "product_id": "T050542"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.17",
                "product": {
                  "name": "n8n n8n 1.123.17",
                  "product_id": "T050542-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.17"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.114.3",
                "product": {
                  "name": "n8n n8n \u003c1.114.3",
                  "product_id": "T050543"
                }
              },
              {
                "category": "product_version",
                "name": "1.114.3",
                "product": {
                  "name": "n8n n8n 1.114.3",
                  "product_id": "T050543-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.114.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.4.0",
                "product": {
                  "name": "n8n n8n \u003c2.4.0",
                  "product_id": "T050544"
                }
              },
              {
                "category": "product_version",
                "name": "2.4.0",
                "product": {
                  "name": "n8n n8n 2.4.0",
                  "product_id": "T050544-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.4.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.118.0",
                "product": {
                  "name": "n8n n8n \u003c1.118.0",
                  "product_id": "T050545"
                }
              },
              {
                "category": "product_version",
                "name": "1.118.0",
                "product": {
                  "name": "n8n n8n 1.118.0",
                  "product_id": "T050545-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.118.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.12",
                "product": {
                  "name": "n8n n8n \u003c1.123.12",
                  "product_id": "T050546"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.12",
                "product": {
                  "name": "n8n n8n 1.123.12",
                  "product_id": "T050546-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.18",
                "product": {
                  "name": "n8n n8n \u003c1.123.18",
                  "product_id": "T050547"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.18",
                "product": {
                  "name": "n8n n8n 1.123.18",
                  "product_id": "T050547-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.18"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.2.1",
                "product": {
                  "name": "n8n n8n \u003c2.2.1",
                  "product_id": "T050548"
                }
              },
              {
                "category": "product_version",
                "name": "2.2.1",
                "product": {
                  "name": "n8n n8n 2.2.1",
                  "product_id": "T050548-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:2.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.9",
                "product": {
                  "name": "n8n n8n \u003c1.123.9",
                  "product_id": "T050549"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.9",
                "product": {
                  "name": "n8n n8n 1.123.9",
                  "product_id": "T050549-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.123.2",
                "product": {
                  "name": "n8n n8n \u003c1.123.2",
                  "product_id": "T050550"
                }
              },
              {
                "category": "product_version",
                "name": "1.123.2",
                "product": {
                  "name": "n8n n8n 1.123.2",
                  "product_id": "T050550-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:n8n:n8n:1.123.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "n8n"
          }
        ],
        "category": "vendor",
        "name": "n8n"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61917",
      "product_status": {
        "known_affected": [
          "T050543"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-61917"
    },
    {
      "cve": "CVE-2026-25049",
      "product_status": {
        "known_affected": [
          "T050543",
          "T050542",
          "T050545",
          "T050544",
          "T050550",
          "T050541",
          "T050540",
          "T050539",
          "T050546",
          "T050538",
          "T050549",
          "T050537",
          "T050548"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25049"
    },
    {
      "cve": "CVE-2026-25051",
      "product_status": {
        "known_affected": [
          "T050538",
          "T050543",
          "T050545",
          "T050550"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25051"
    },
    {
      "cve": "CVE-2026-25052",
      "product_status": {
        "known_affected": [
          "T050543",
          "T050542",
          "T050545",
          "T050544",
          "T050550",
          "T050540",
          "T050539",
          "T050547",
          "T050546",
          "T050538",
          "T050549",
          "T050537",
          "T050548"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25052"
    },
    {
      "cve": "CVE-2026-25053",
      "product_status": {
        "known_affected": [
          "T050539",
          "T050538",
          "T050549",
          "T050537",
          "T050548",
          "T050543",
          "T050545",
          "T050544",
          "T050550",
          "T050540"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25053"
    },
    {
      "cve": "CVE-2026-25054",
      "product_status": {
        "known_affected": [
          "T050538",
          "T050549",
          "T050548",
          "T050543",
          "T050545",
          "T050550"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25054"
    },
    {
      "cve": "CVE-2026-25055",
      "product_status": {
        "known_affected": [
          "T050546",
          "T050538",
          "T050549",
          "T050548",
          "T050543",
          "T050545",
          "T050544",
          "T050550"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25055"
    },
    {
      "cve": "CVE-2026-25056",
      "product_status": {
        "known_affected": [
          "T050548",
          "T050543",
          "T050545",
          "T050544"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25056"
    },
    {
      "cve": "CVE-2026-25115",
      "product_status": {
        "known_affected": [
          "T050548",
          "T050537"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-25115"
    },
    {
      "cve": "CVE-2026-21893",
      "product_status": {
        "known_affected": [
          "T050538",
          "T050543",
          "T050545"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-21893"
    }
  ]
}

GHSA-7C4H-VH2M-743M

Vulnerability from github – Published: 2026-02-04 17:49 – Updated: 2026-02-04 19:53

Summary

n8n Vulnerable to Command Injection in Community Package Installation

Details

Impact

A Command Injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions.

Important context

Exploitation requires administrative access to the n8n instance.
The affected functionality is restricted to trusted users who are already permitted to install third-party community packages.
No unauthenticated or low-privilege exploitation is possible.
There is no evidence of exploitation in the wild.

Because administrative users can already extend n8n with custom or community code, the vulnerability does not meaningfully expand the threat model beyond existing administrator capabilities. However, it represents a violation of secure coding practices and has therefore been addressed.

Patches

Users are advised to upgrade to n8n version 1.120.3 or later, which fully resolves the issue.

As a general security best practice, n8n instance owners should ensure that: - Administrative access is limited to trusted users only. - Community packages are installed only from trusted sources. - Instances are kept up to date with the latest security releases.

Severity ?

9.4 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.187.0"
            },
            {
              "fixed": "1.120.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-21893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-04T17:49:38Z",
    "nvd_published_at": "2026-02-04T18:16:08Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nA Command Injection vulnerability was identified in n8n\u2019s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions.\n\n**Important context**\n\n- Exploitation requires _administrative_ access to the n8n instance.\n- The affected functionality is restricted to trusted users who are already permitted to install third-party community packages.\n- No unauthenticated or low-privilege exploitation is possible.\n- There is no evidence of exploitation in the wild.\n\nBecause administrative users can already extend n8n with custom or community code, the vulnerability does not meaningfully expand the threat model beyond existing administrator capabilities. However, it represents a violation of secure coding practices and has therefore been addressed.\n\n### Patches\nUsers are advised to upgrade to n8n version 1.120.3 or later, which fully resolves the issue.\n\nAs a general security best practice, n8n instance owners should ensure that:\n- Administrative access is limited to trusted users only.\n- Community packages are installed only from trusted sources.\n- Instances are kept up to date with the latest security releases.",
  "id": "GHSA-7c4h-vh2m-743m",
  "modified": "2026-02-04T19:53:12Z",
  "published": "2026-02-04T17:49:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21893"
    },
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "n8n Vulnerable to Command Injection in Community Package Installation"
}

FKIE_CVE-2026-21893

Vulnerability from fkie_nvd - Published: 2026-02-04 18:16 - Updated: 2026-02-05 14:57

Severity ?

9.4 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838
	security-advisories@github.com	https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n\u2019s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3."
    }
  ],
  "id": "CVE-2026-21893",
  "lastModified": "2026-02-05T14:57:20.563",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.4,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-04T18:16:08.410",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-21893 (GCVE-0-2026-21893)

WID-SEC-W-2026-0318

GHSA-7C4H-VH2M-743M

Impact

Patches

FKIE_CVE-2026-21893

Tags

Sightings

Nomenclature