vulnerability

n8n:CVE-2026-21877: Arbitrary File Write in Git Node allows Remote Code Execution

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Jan 8, 2026	Jan 9, 2026	Jan 9, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Jan 8, 2026

Added

Jan 9, 2026

Modified

Jan 9, 2026

Description

An arbitrary file write vulnerability exists in n8n versions from 0.123.0 up to, but not including, 1.121.3. An authenticated attacker with access to workflow creation can exploit the Git node to write malicious files to the underlying server filesystem. This can be chained to execute arbitrary code (RCE) on the host system with the privileges of the n8n process.

Solution

n8n-upgrade-1_121_3

References

CWE-434
CVE-2026-21877
https://attackerkb.com/topics/CVE-2026-21877
URL-https://nvd.nist.gov/vuln/detail/CVE-2026-21877

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today