Platform
nodejs
Component
n8n
Fixed in
1.121.4
1.121.3
CVE-2026-21877 represents a critical Remote Code Execution (RCE) vulnerability affecting the n8n workflow automation platform. Successful exploitation allows an authenticated user to execute arbitrary code, potentially leading to complete compromise of the affected instance. This vulnerability impacts both self-hosted and n8n Cloud deployments and is resolved in version 1.121.3 or later.
The impact of CVE-2026-21877 is severe. An attacker, once authenticated, can leverage this vulnerability to execute arbitrary code on the n8n server. This grants them complete control over the system, enabling actions such as data exfiltration, malware installation, and lateral movement within the network. Given n8n's role in automating workflows and integrating with various services, a successful attack could have cascading effects, impacting connected applications and data sources. The ability to execute code directly on the server bypasses typical security controls, making this a high-risk vulnerability.
CVE-2026-21877 was publicly disclosed on January 6, 2026. The vulnerability's severity and ease of exploitation suggest a potential for active exploitation. While no public proof-of-concept (PoC) has been observed as of this writing, the RCE nature of the vulnerability makes it a high-priority target for attackers. Monitor security advisories and threat intelligence feeds for any indications of exploitation campaigns targeting n8n.
Exploit Status
EPSS
14.14% (94% percentile)
CISA SSVC
The primary mitigation for CVE-2026-21877 is to immediately upgrade to n8n version 1.121.3 or a later, patched version. If an immediate upgrade is not feasible, administrators can reduce the attack surface by disabling the Git functionality within n8n. This limits the potential attack vector. Consider implementing network segmentation to restrict access to the n8n instance. Regularly review user permissions and enforce the principle of least privilege to minimize the impact of a potential compromise. After upgrading, verify the fix by attempting to trigger the vulnerable functionality (if possible in a safe testing environment) and confirming that it is no longer exploitable.
Update n8n to version 1.121.3 or later. As a temporary measure, disable the Git node and limit access for untrusted users. Updating is recommended to fully mitigate the vulnerability.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-21877 is a critical Remote Code Execution vulnerability in n8n, allowing authenticated users to execute arbitrary code on the server.
You are affected if you are running n8n versions prior to 1.121.3. Both self-hosted and n8n Cloud instances are vulnerable.
Upgrade to n8n version 1.121.3 or later. As a temporary workaround, disable the Git functionality within n8n.
While no public exploits are currently known, the RCE nature of the vulnerability suggests a potential for active exploitation. Monitor security advisories.
Refer to the official n8n security advisory on their website or GitHub repository for the latest information and updates.
CVSS Vector
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.