Theolelasseux

**Name of the Vulnerable Software and Affected Versions** n8n versions prior to 1.123.18 n8n versions prior to 2.5.0 **Description** n8n is a workflow automation platform. A flaw in the file access controls allows authenticated users with appropriate permissions to read sensitive files from the n8n host system. This could lead to the exposure of critical configuration data and user credentials, potentially resulting in complete account takeover. The issue affects instances where users have the ability to create or modify workflows. **Recommendations** Update n8n to version 1.123.18 or later. Update n8n to version 2.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** n8n versions 0.121.2 through 1.121.2 n8n versions 0.123.0 through 1.121.3 **Description** n8n, an open-source workflow automation platform, is affected by a critical authenticated Remote Code Execution (RCE) vulnerability (CVE-2026-21877). A successful exploit allows an authenticated user to execute untrusted code, potentially leading to a full compromise of the instance, impacting both self-hosted and n8n Cloud deployments. The vulnerability stems from arbitrary file write and unsafe handling of input. The Git node is specifically identified as a potential entry point for exploitation. The issue has been resolved in version 1.121.3. **Recommendations** Upgrade to n8n version 1.121.3 or later. Disable the Git node if upgrading is not immediately possible. Limit access for untrusted users.