Platform
nodejs
Component
n8n
Fixed in
1.121.4
1.121.3
CVE-2026-21877 represents a critical Remote Code Execution (RCE) vulnerability affecting the n8n workflow automation platform. Successful exploitation allows an authenticated user to execute arbitrary code, potentially leading to complete compromise of the affected instance. This vulnerability impacts both self-hosted and n8n Cloud deployments and is resolved in version 1.121.3 or later.
The impact of CVE-2026-21877 is severe. An attacker, once authenticated, can leverage this vulnerability to execute arbitrary code on the n8n server. This grants them complete control over the system, enabling actions such as data exfiltration, malware installation, and lateral movement within the network. Given n8n's role in automating workflows and integrating with various services, a successful attack could have cascading effects, impacting connected applications and data sources. The ability to execute code directly on the server bypasses typical security controls, making this a high-risk vulnerability.
CVE-2026-21877 was publicly disclosed on January 6, 2026. The vulnerability's severity and ease of exploitation suggest a potential for active exploitation. While no public proof-of-concept (PoC) has been observed as of this writing, the RCE nature of the vulnerability makes it a high-priority target for attackers. Monitor security advisories and threat intelligence feeds for any indications of exploitation campaigns targeting n8n.
Organizations heavily reliant on n8n for workflow automation and integrations are particularly at risk. This includes businesses using n8n to connect to sensitive data sources or critical business applications. Shared hosting environments where multiple users share the same n8n instance are also at increased risk, as a compromise of one user could potentially impact others.
• nodejs / server: Monitor n8n process logs for unusual activity or unexpected code execution. Use ps aux | grep n8n to check running processes and look for suspicious commands.
• generic web: Check n8n server access logs for unusual requests or patterns indicative of attempted exploitation. Look for requests targeting vulnerable endpoints.
• linux / server: Use journalctl -u n8n to review n8n service logs for error messages or suspicious events related to code execution.
journalctl -u n8n -f | grep -i error
Disclosure
Exploit Status
EPSS
14.14% (94th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-21877 is to immediately upgrade to n8n version 1.121.3 or a later, patched version. If an immediate upgrade is not feasible, administrators can reduce the attack surface by disabling the Git functionality within n8n. This limits the potential attack vector. Consider implementing network segmentation to restrict access to the n8n instance. Regularly review user permissions and enforce the principle of least privilege to minimize the impact of a potential compromise. After upgrading, verify the fix by attempting to trigger the vulnerable functionality (if possible in a safe testing environment) and confirming that it is no longer exploitable.
Update n8n to version 1.121.3 or later. As a temporary workaround, disable the Git node and restrict access for untrusted users. Updating is recommended to fully mitigate the vulnerability.
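As an added example (not part of this advisory and not n8n's own tooling), a small Python check that covers the two actions recommended above: it compares the running n8n version against the patched 1.121.3 release, and checks whether the Git node has been excluded through n8n's NODES_EXCLUDE environment variable. The variable name and the node type string n8n-nodes-base.git are assumptions, not values taken from the advisory.

```python
import json
import os
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = (1, 121, 3)           # first patched release named in the advisory
GIT_NODE_TYPE = "n8n-nodes-base.git"  # assumed internal type name of the n8n Git node


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from strings such as 'v1.121.2' or '1.121.2-rc.1'.
    Pre-release tags are ignored: a 1.121.3 pre-release is treated as patched."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True when the release predates the fix, i.e. anything below 1.121.3."""
    return parse_version(version) < FIXED_VERSION


def git_node_excluded(nodes_exclude: Optional[str]) -> bool:
    """NODES_EXCLUDE is assumed to hold a JSON array of node type names."""
    if not nodes_exclude:
        return False
    try:
        excluded = json.loads(nodes_exclude)
    except json.JSONDecodeError:
        return False
    return isinstance(excluded, list) and GIT_NODE_TYPE in excluded


def assess(version: str, nodes_exclude: Optional[str]) -> str:
    """Summarise one instance's exposure to CVE-2026-21877."""
    if not is_affected(version):
        return "patched"
    if git_node_excluded(nodes_exclude):
        return "vulnerable version, Git node disabled (workaround active); upgrade still required"
    return "VULNERABLE: upgrade to 1.121.3 or later"


if __name__ == "__main__":
    try:
        out = subprocess.run(["n8n", "--version"], capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        out = os.environ.get("N8N_VERSION", "1.121.2")  # constructed fallback when the CLI is absent
    print(assess(out, os.environ.get("NODES_EXCLUDE")))
```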
CVE-2026-21877 is a critical Remote Code Execution vulnerability in n8n, allowing authenticated users to execute arbitrary code on the server.
You are affected if you are running n8n versions prior to 1.121.3. Both self-hosted and n8n Cloud instances are vulnerable.
Upgrade to n8n version 1.121.3 or later. As a temporary workaround, disable the Git functionality within n8n.
While no public exploits are currently known, the RCE nature of the vulnerability suggests a potential for active exploitation. Monitor security advisories.
Refer to the official n8n security advisory on their website or GitHub repository for the latest information and updates.