PT-2026-1583 · N8N · N8N

Theolelasseux · Published 2026-01-07 · Updated 2026-01-13 · CVE-2026-21877

CVSS v3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

n8n versions prior to 1.121.3
n8n versions 0.123.0 through 1.121.2
Description

n8n, an open source workflow automation platform, contains a critical authenticated Remote Code Execution (RCE) flaw (CVE-2026-21877). A successful exploit allows an authenticated user to execute untrusted code, potentially leading to a full compromise of the instance, including connected systems and credentials. The issue stems from arbitrary file write and untrusted input handling. The Git node is identified as a potential entry point for exploitation. The vulnerability impacts both self-hosted and n8n Cloud deployments. While the exact number of potentially affected devices is not specified, the flaw is rated with a CVSS score of 10.0, indicating its severity.
Recommendations

Upgrade to n8n version 1.121.3 or later.
If an immediate upgrade is not possible, disable the Git node.
Restrict access for untrusted users.
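
A triage helper for the recommendations above, as an added example that is not part of the advisory or of n8n's code: it classifies an instance from its version string and, for unpatched instances, checks whether the Git node is excluded. It assumes the mitigation is applied through n8n's NODES_EXCLUDE environment variable (a JSON array of node type names) and that the Git node's type name is n8n-nodes-base.git; the inventory is constructed sample data.

```python
import json
import re

# First fixed release per the advisory; the 4th field is 1 for a final
# release and 0 for a pre-release, so 1.121.3-beta.1 sorts below 1.121.3.
FIXED = (1, 121, 3, 1)
GIT_NODE = "n8n-nodes-base.git"  # assumption: type name of the Git node

def parse_version(text):
    """Parse 'v1.121.2' or '1.121.3-beta.1' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return (major, minor, patch, 0 if m.group(4) else 1)

def git_node_excluded(nodes_exclude):
    """True only if NODES_EXCLUDE is a JSON array naming the Git node.
    Unset or malformed values count as not excluded (fail closed)."""
    try:
        value = json.loads(nodes_exclude or "null")
    except json.JSONDecodeError:
        return False
    return isinstance(value, list) and GIT_NODE in value

def triage(version, nodes_exclude=None):
    """Classify one instance against the advisory's recommendations."""
    if parse_version(version) >= FIXED:
        return "patched"
    if git_node_excluded(nodes_exclude):
        return "affected-git-node-disabled"  # interim mitigation only
    return "affected"

# Constructed sample inventory: (host, version, NODES_EXCLUDE value)
INVENTORY = [
    ("wf-prod", "1.121.3", None),
    ("wf-stage", "v1.121.2", '["n8n-nodes-base.git"]'),
    ("wf-dev", "1.121.3-beta.1", None),
    ("wf-old", "0.123.0", '"n8n-nodes-base.git"'),  # string, not an array
]

def audit(inventory):
    return {host: triage(ver, excl) for host, ver, excl in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

An instance reported as affected-git-node-disabled still needs the upgrade to 1.121.3 or later; the exclusion only covers the interim.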

Fix

RCE

Unrestricted File Upload

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-21877

Affected Products

N8N