GHSA-365g-vjw2-grx8

Suggest an improvement
Source
https://github.com/advisories/GHSA-365g-vjw2-grx8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-365g-vjw2-grx8/GHSA-365g-vjw2-grx8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-365g-vjw2-grx8
Published
2025-10-09T15:26:59Z
Modified
2025-10-09T15:27:00Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host
Details

Impact

The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully trusted.

An attacker—either a malicious user or someone who has compromised a legitimate user account—could exploit this node to run arbitrary commands on the host machine, potentially leading to data exfiltration, service disruption, or full system compromise.

This vulnerability affects all n8n deployments where:

  • The Execute Command node is enabled, and
  • Not all user accounts are strictly controlled and trusted.

n8n.cloud is not impacted.

Patches

No code changes have been made to alter the behavior of the Execute Command node. The recommended mitigation is to disable the node by default in environments where it is not explicitly required.

Future n8n versions may change the default availability of this node.

Workarounds

Administrators can disable the Execute Command node by setting the following environment variable before starting n8n:

export NODES_EXCLUDE: "[\"n8n-nodes-base.executeCommand\"]"

References

n8n docs: Execute Command n8n docs: Blocking nodes

Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-09T15:26:59Z",
    "severity": "HIGH",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-78"
    ]
}
References

Affected packages

npm / n8n-nodes-base

Package

Name
n8n-nodes-base
View open source insights on deps.dev
Purl
pkg:npm/n8n-nodes-base

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.113.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-365g-vjw2-grx8/GHSA-365g-vjw2-grx8.json"

npm / n8n

Package

Name
n8n
View open source insights on deps.dev
Purl
pkg:npm/n8n

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.114.4

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-365g-vjw2-grx8/GHSA-365g-vjw2-grx8.json"