CVE-2026-25053

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25053

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25053.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25053

Aliases

GHSA-9g95-qf3f-ggrw

Published

2026-02-04T16:47:13.939Z

Modified

2026-03-01T02:57:06.048546Z

Severity

9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator

Summary

n8n is Vulnerable to OS Command Injection in Git Node

Details

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-78"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25053.json"
}

References

Affected packages

Git / github.com/n8n-io/n8n

Affected ranges

Type: GIT
Repo: https://github.com/n8n-io/n8n
Events: Introduced

a8ecda44f7627630bc8b78cf671405157ad41c4f

Fixed

e396d6de708d2f23658c9df04f5acd3806728649

Affected versions

n8n@1.*

n8n@1.123.0

n8n@2.*

n8n@2.0.0

n8n@2.1.0

n8n@2.2.0

n8n@2.3.0

n8n@2.4.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25053.json"