CVE-2026-27498

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.2.0 n8n versions prior to 1.123.8

Description n8n is an open source workflow automation platform. An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, an attacker could execute arbitrary shell commands on the n8n host. The issue involves the interaction between the Read/Write Files from Disk node and git operations, potentially allowing an attacker to manipulate configuration files and subsequently execute commands. The Read/Write Files from Disk node and git operations are involved in the exploitation process.

Recommendations Upgrade to n8n version 2.2.0 or later. Upgrade to n8n version 1.123.8 or later. If upgrading is not immediately possible, limit workflow creation and editing permissions to fully trusted users only. If upgrading is not immediately possible, disable the Read/Write Files from Disk node by adding n8n-nodes-base.readWriteFile to the NODES EXCLUDE environment variable.