CVE-2025-62726

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.113.0

Description n8n is a workflow automation platform with a remote code execution issue in the Git Node component, affecting both Cloud and Self-Hosted versions. A malicious actor can exploit this by cloning a repository containing a pre-commit hook. Utilizing the Commit operation within the Git Node inadvertently triggers the hook, allowing the attacker to execute arbitrary code within the n8n environment. This could compromise the system and any associated credentials or workflows. The vulnerability impacts users with workflows that utilize the Git Node to clone untrusted repositories.

Recommendations Update to version 1.113.0 or later to resolve this issue. For self-hosted deployments, set the environment variable N8N GIT NODE DISABLE BARE REPOS to true. Avoid cloning or interacting with untrusted repositories using the Git Node. Disable or restrict the use of the Git Node in workflows where repository content cannot be fully trusted.