By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Preferences
Deny all
Accept all
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Get Your Free Vendor Risk Assessment Now!

Technical Advisory: n8n Remote Code Execution via Arbitrary File Write

Giuseppe Trovato
Giuseppe Trovato
Head of Research

Critical vulnerability in n8n workflow automation allows authenticated attackers to achieve remote code execution through Git node exploitation

Disclosed: January 8, 2026

Severity: Critical (CVSS 9.9)

Package/Component: n8n

Advisories: CVE-2026-21877GHSA-v364-rw7m-3263

Executive Summary

What Happened:A critical remote code execution vulnerability was discovered in n8n, an open-source workflow automation platform. Authenticated attackers can exploit arbitrary file write capabilities to execute malicious code on both self-hosted and cloud instances.

Why It Matters:

  • Supply Chain Risk: Workflow automation platforms often have access to sensitive credentials, APIs, and business-critical integrations, making compromise particularly damaging
  • Operational Continuity: Full system compromise can disrupt automated business processes and workflows that organisations depend on for daily operations
  • AI/Automation Adoption Risk: As organisations increasingly rely on workflow automation for AI agent orchestration, vulnerabilities in these platforms can compromise entire AI-driven operations
  • Regulatory Compliance: Unauthorised code execution can lead to data breaches affecting GDPR, SOC 2, and other compliance frameworks

High-Level Risks:

  • Remote code execution by authenticated users
  • Full compromise of n8n instances (self-hosted and cloud)
  • Credential theft from workflow configurations
  • Lateral movement through integrated systems
  • Data exfiltration from connected services
  • Disruption of automated business processes

Immediate Actions:

  1. Upgrade to n8n v1.121.3 or later immediately
  2. Review user access privileges and remove untrusted users
  3. Audit workflow configurations for signs of compromise
  4. Rotate credentials and API keys used in n8n workflows

Overview

An authenticated attacker with low privileges can exploit n8n’s file handling capabilities to write arbitrary files to the server, leading to remote code execution. The vulnerability affects both self-hosted and n8n Cloud instances, potentially resulting in full system compromise. The flaw stems from unrestricted file upload functionality that allows untrusted code to be executed by the n8n service.

Risk Analysis

This threat is particularly concerning in the context of agentic AI systems due to:

  1. Workflow Automation as Attack Surface: n8n is commonly used to orchestrate AI agents and automate data pipelines, meaning compromise can affect multiple downstream systems and AI-driven processes simultaneously.
  2. Credential Exposure: Workflow automation platforms typically store numerous API keys, database credentials, and service tokens, providing attackers with immediate access to integrated systems without additional exploitation.
  3. Low Privilege Escalation: The vulnerability requires only low-level authentication, meaning any user with basic access can achieve full system compromise, bypassing typical privilege boundaries in multi-tenant or team environments.

Technical Details

Vulnerability Mechanism:

The vulnerability exploits n8n’s Git node, which allows workflow automation to interact with Git repositories. The Git node fails to properly validate file paths and content, enabling authenticated users to write arbitrary files to any location accessible by the n8n service.

Attack Chain:

  1. Initial Access: Attacker requires only basic authenticated access to n8n (low privilege threshold)
  2. Exploitation via Git Node:
    • Attacker creates or modifies a workflow that includes the Git node
    • Malicious workflow parameters specify arbitrary file paths outside intended directories
    • Git node operations write attacker-controlled content to system locations
    • Files can be written to executable paths, configuration directories, or startup locations
  3. Code Execution:
    • Written files contain malicious code (shell scripts, executables, or configuration files)
    • n8n service or underlying system processes execute the planted files
    • Attacker achieves remote code execution in the context of the n8n service

Attack Complexity: Low - requires only authenticated access and basic workflow knowledge; no special timing, race conditions, or complex prerequisites needed.

Impact

Systems affected by this threat may experience:

  • Complete compromise of the n8n instance with full administrative access
  • Execution of arbitrary malicious code within the n8n service context
  • Unauthorised access to workflow configurations containing sensitive credentials
  • Theft of API keys, database passwords, and authentication tokens stored in workflows
  • Lateral movement to connected systems and integrated services
  • Data exfiltration from databases and APIs accessible through n8n
  • Disruption or manipulation of automated business processes
  • Potential supply chain attacks through compromised workflows

Affected Versions

The following versions are known to be affected:

  • n8n versions 0.123.0 through 1.121.2 (inclusive)

Fixed in: n8n v1.121.3 and later

Immediate Mitigation Steps

  1. Upgrade to Patched Version:
    • npm update n8n@latest
      # Or for Docker deployments:
      docker pull n8nio/n8n:latest
  2. Temporary Workarounds (if immediate upgrade is not possible):
    • Disable the Git node - The vulnerability is specifically in the Git node; disabling it prevents exploitation
    • Review and restrict user access privileges to limit who can create or modify workflows
    • Remove or suspend accounts for untrusted users
    • Implement network segmentation to limit n8n’s access to critical systems
    • Refer to n8n’s documentation on “Blocking access to nodes” for implementation guidance
  3. Detection and Response:
    • Review system logs for unusual file creation activity
    • Audit all workflow modifications made by authenticated users
    • Check for unexpected processes spawned by the n8n service
    • Scan file system for suspicious files in n8n directories
    • Monitor network connections from n8n instances for unusual outbound traffic

Long-term Recommendations

  1. Access Control and Governance:
    • Implement principle of least privilege for n8n user accounts
    • Establish workflow approval processes for production environments
    • Conduct regular access reviews and remove inactive users
    • Implement multi-factor authentication for all n8n accounts
    • Use role-based access control (RBAC) to limit workflow creation capabilities
  2. Security Hardening:
    • Deploy n8n in isolated network segments with strict firewall rules
    • Use secrets management solutions instead of storing credentials in workflows
    • Implement file integrity monitoring on n8n installations
    • Enable comprehensive logging and integrate with SIEM solutions
    • Regularly audit enabled nodes and disable unnecessary functionality
  3. Operational Security:
    • Establish a patch management process with SLA for critical vulnerabilities
    • Implement automated vulnerability scanning for n8n dependencies
    • Conduct security reviews of custom nodes and workflows
    • Maintain incident response procedures specific to workflow automation compromise
    • Regular backup and disaster recovery testing for n8n configurations

Framework Context

This incident aligns with multiple security frameworks:

  • owasp-asi ASI04:2026 Agentic Supply Chain Vulnerabilities: Workflow automation tools are third-party dependencies that agents rely on; vulnerabilities in these components create runtime supply chain risks
  • owasp-asi ASI05:2026 Unexpected Code Execution (RCE): Direct mapping to remote code execution through arbitrary file write in agentic workflow systems
  • owasp-llm LLM03:2025 Supply Chain: Third-party workflow automation platforms represent supply chain risks when integrated into AI systems
  • owasp-llm LLM06:2025 Excessive Agency: Compromised workflow automation enables damaging actions through legitimate tool execution paths
  • owasp-aatm T11 Unexpected RCE: Exploitation of code-generation and execution features in workflow automation to achieve remote code execution
  • CWE-434 Unrestricted Upload of File with Dangerous Type: Failure to validate file paths and content in Git node operations allows arbitrary file write leading to code execution

Updates

We will update this analysis as more information becomes available. Please monitor our security channels for the latest updates.

More Articles

Understanding Recent n8n Vulnerabilities: Exposure, Risk, and Remediation
Giuseppe Trovato
Giuseppe Trovato
Head of Research

Understanding Recent n8n Vulnerabilities: Exposure, Risk, and Remediation

A practical breakdown of recent n8n vulnerabilities, explaining exposure, risk, and how to choose the right remediation path.

Read more
Technical Advisory: LangChain Serialization Injection Enables Secret Extraction
Giuseppe Trovato
Giuseppe Trovato
Head of Research

Technical Advisory: LangChain Serialization Injection Enables Secret Extraction

Authenticated attackers can escape n8n's Pyodide Python sandbox to execute arbitrary system commands with host privileges.

Read more
Technical Advisory: n8n Remote Code Execution via Arbitrary File Write
Giuseppe Trovato
Giuseppe Trovato
Head of Research

Technical Advisory: n8n Remote Code Execution via Arbitrary File Write

Critical vulnerability in n8n workflow automation allows authenticated attackers to achieve remote code execution through Git node exploitation

Read more
Footer graphic with abstract geometric patterns and gradients

Identify your AI Agents and their Risks, Instantly.

Book a Demo