8.8

CVE-2025-62726

EPSS 0.73%
Veröffentlicht 30.10.2025 16:24:11
Zuletzt bearbeitet 31.12.2025 02:30:18
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

N8n ≫ N8n SwPlatformnode.js Version < 1.113.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.73%	0.493

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47

Patch

Vendor Advisory

https://github.com/n8n-io/n8n/pull/19559

Issue Tracking

https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-62726

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-62726

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-62726

EUVD