CVE-2026-21877

EPSS 16.06%
Veröffentlicht 08.01.2026 00:39:58
Zuletzt bearbeitet 20.01.2026 15:08:24
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

N8n ≫ N8n SwPlatformnode.js Version >= 0.123.0 < 1.121.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	16.06%	0.946

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263

Vendor Advisory

https://github.com/n8n-io/n8n/commit/f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-21877

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-21877

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-21877

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-21877