PT-2026-1583 · N8N · N8N

Theolelasseux · Published 2026-01-06 · Updated 2026-02-09 · CVE-2026-21877

CVSS v3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

n8n versions 0.121.2 through 1.121.2
n8n versions 0.123.0 through 1.121.3

Description

n8n, an open-source workflow automation platform, is affected by a critical authenticated Remote Code Execution (RCE) vulnerability (CVE-2026-21877). A successful exploit allows an authenticated user to execute untrusted code, potentially leading to a full compromise of the instance, impacting both self-hosted and n8n Cloud deployments. The vulnerability stems from arbitrary file write and unsafe handling of input. The Git node is specifically identified as a potential entry point for exploitation. The issue has been resolved in version 1.121.3.

Recommendations

Upgrade to n8n version 1.121.3 or later. Disable the Git node if upgrading is not immediately possible. Limit access for untrusted users.

Exploit · Fix · RCE · Unrestricted File Upload · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2026-00916
CVE-2026-21877
GHSA-V364-RW7M-3263

Affected Products

N8N