n8n: n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

Critical RCE Vulnerability Patched in n8n Workflow Automation Platform

n8n, an open-source workflow automation platform, has disclosed a maximum-severity security flaw (CVE-2026-21877) that could allow authenticated remote code execution (RCE). With a CVSS score of 10.0, the vulnerability poses a severe risk, enabling attackers to execute untrusted code on affected instances, potentially leading to full system compromise.

The flaw affects both self-hosted deployments and n8n Cloud instances running versions 0.123.0 and above but prior to 1.121.3. The issue was patched in version 1.121.3, released in November 2025, following its discovery by security researcher Théo Lelasseux (@theolelasseux).

While immediate patching is recommended, n8n advised administrators to mitigate risks by disabling the Git node and restricting access for untrusted users if updates cannot be applied promptly. The disclosure follows recent fixes for other critical vulnerabilities (CVE-2025-68613 and CVE-2025-68668, CVSS 9.9), underscoring ongoing security challenges in the platform.
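A triage sketch for the advisory above, added here as an example and not taken from n8n or the article: it classifies a constructed inventory against the stated affected range and checks whether the Git node has been excluded. The `NODES_EXCLUDE` setting and the node type name `n8n-nodes-base.git` are assumptions that do not appear in the article, as are all hostnames and values in the sample inventory.

```python
import json
import re

# Affected range as stated in the article: 0.123.0 <= version < 1.121.3
FIRST_AFFECTED = (0, 123, 0)
FIRST_FIXED = (1, 121, 3)
# Assumption: n8n's NODES_EXCLUDE setting (a JSON array of node types) and the
# Git node's type name; neither is given in the article.
GIT_NODE = "n8n-nodes-base.git"

# Constructed sample inventory (hostnames and values are made up).
INVENTORY = [
    {"host": "n8n-prod", "version": "1.121.3", "nodes_exclude": ""},
    {"host": "n8n-stage", "version": "1.120.4",
     "nodes_exclude": '["n8n-nodes-base.git"]'},
    {"host": "n8n-dev", "version": "1.119.0", "nodes_exclude": ""},
    {"host": "n8n-legacy", "version": "0.122.5", "nodes_exclude": ""},
    {"host": "n8n-lab", "version": "latest", "nodes_exclude": ""},
]

def parse_version(text):
    """Return (major, minor, patch), or None for anything that is not x.y.z."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def git_node_disabled(nodes_exclude):
    """True if the NODES_EXCLUDE value is a JSON array listing the Git node."""
    try:
        excluded = json.loads(nodes_exclude or "[]")
    except json.JSONDecodeError:
        return False  # malformed setting: treat the mitigation as not applied
    return isinstance(excluded, list) and GIT_NODE in excluded

def triage(instance):
    """Classify one inventory record against the advisory's version range."""
    version = parse_version(instance.get("version", ""))
    if version is None:
        return "unknown"  # floating tags and pre-releases need manual review
    if version < FIRST_AFFECTED:
        return "not-affected"
    if version >= FIRST_FIXED:
        return "fixed"
    if git_node_disabled(instance.get("nodes_exclude")):
        return "affected-git-disabled"  # still needs the upgrade
    return "affected-exposed"

if __name__ == "__main__":
    for inst in INVENTORY:
        print(f"{inst['host']:12} {inst['version']:10} {triage(inst)}")
```

An instance reported as `affected-git-disabled` has only the Git node half of the interim mitigation; access for untrusted users still has to be restricted until it is upgraded.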

Source: https://thehackernews.com/2026/01/n8n-warns-of-cvss-100-rce-vulnerability.html

n8n cybersecurity rating report: https://www.rankiteo.com/company/n8n

"id": "N8N1767783703",
"linkid": "n8n",
"type": "Vulnerability",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Workflow Automation',
                        'name': 'n8n',
                        'type': 'Software Platform'}],
 'attack_vector': 'Authenticated user exploitation',
 'customer_advisories': 'Users are advised to upgrade to version 1.121.3 or '
                        'later to address the vulnerability. If immediate '
                        'patching is not possible, administrators should '
                        'disable the Git node and limit access for untrusted '
                        'users.',
 'date_publicly_disclosed': '2025-11-05',
 'date_resolved': '2025-11-05',
 'description': 'Open-source workflow automation platform n8n has warned of a '
                'maximum-severity security flaw that, if successfully '
                'exploited, could result in authenticated remote code '
                'execution (RCE). Under certain conditions, an authenticated '
                'user may be able to cause untrusted code to be executed by '
                'the n8n service, resulting in full compromise of the affected '
                'instance.',
 'impact': {'operational_impact': 'Full compromise of affected instance',
            'systems_affected': 'n8n self-hosted and cloud instances'},
 'investigation_status': 'Resolved',
 'post_incident_analysis': {'corrective_actions': 'Patch released in version '
                                                  '1.121.3; additional '
                                                  'hardening measures '
                                                  'recommended',
                            'root_causes': 'Authenticated user exploitation '
                                           'under certain conditions'},
 'recommendations': 'Upgrade to version 1.121.3 or later; disable Git node and '
                    'limit access for untrusted users if immediate patching is '
                    'not possible',
 'references': [{'date_accessed': '2025-11-05', 'source': 'n8n Advisory'},
                {'source': 'Security Researcher Théo Lelasseux',
                 'url': 'https://twitter.com/theolelasseux'}],
 'response': {'communication_strategy': 'Public advisory released',
              'containment_measures': 'Upgrade to version 1.121.3 or later; '
                                      'disable Git node and limit access for '
                                      'untrusted users if immediate patching '
                                      'is not possible',
              'remediation_measures': 'Released patch in version 1.121.3'},
 'title': 'Authenticated Remote Code Execution Vulnerability in n8n '
          '(CVE-2026-21877)',
 'type': 'Remote Code Execution (RCE)',
 'vulnerability_exploited': 'CVE-2026-21877'}