Plateforme
nodejs
Composant
n8n
Corrigé dans
1.123.9
2.0.1
1.123.8
CVE-2026-27498 is a remote code execution (RCE) vulnerability affecting n8n, a workflow automation platform. An authenticated user with sufficient permissions can chain the Read/Write Files from Disk node with git operations to execute arbitrary shell commands on the n8n host. This vulnerability impacts versions prior to 1.123.8 and 2.2.0, and a patch is available.
This vulnerability allows an authenticated attacker to gain complete control over the n8n server. By crafting malicious workflows that leverage the Read/Write Files from Disk node and subsequent git operations, an attacker can inject and execute arbitrary shell commands. The impact is significant, potentially leading to data breaches, system compromise, and complete takeover of the affected n8n instance. The ability to execute commands directly on the server bypasses typical security controls and represents a severe risk, especially in environments where n8n handles sensitive data or integrates with critical systems. Successful exploitation could allow an attacker to steal credentials, modify workflows, or even pivot to other systems on the network.
CVE-2026-27498 was publicly disclosed on 2026-02-25. There is no indication of active exploitation at this time, but the vulnerability's ease of exploitation and the potential impact warrant immediate attention. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not yet available, but the vulnerability description suggests a relatively straightforward exploitation path.
Organizations using n8n for workflow automation, particularly those handling sensitive data or integrating with critical systems, are at risk. Environments with overly permissive user roles or those lacking robust security monitoring are especially vulnerable. Shared hosting environments where multiple users share an n8n instance are also at increased risk.
• nodejs / server: Monitor n8n logs for unusual file creation or modification patterns within the Read/Write Files from Disk node directory. Look for suspicious git commands being executed.
find /path/to/n8n/data/ -mmin -60 -type f -print0 | xargs -0 grep -i 'malicious_command'• nodejs / server: Use ps or top to monitor processes running within the n8n container for unexpected command-line arguments or resource consumption.
ps aux | grep n8n• generic web: Check n8n workflow configurations for suspicious file paths or commands that could be exploited. Review user permissions to ensure least privilege access.
disclosure
Statut de l'Exploit
EPSS
0.44% (percentile 63%)
CISA SSVC
Vecteur CVSS
The primary mitigation is to upgrade n8n to version 1.123.8 or 2.2.0 or later. If immediate upgrading is not feasible, administrators should restrict user permissions to minimize the potential attack surface. Specifically, limit users' ability to create or modify workflows, and carefully review existing workflows for suspicious activity. Consider implementing a Web Application Firewall (WAF) with rules to detect and block malicious workflow configurations attempting to execute shell commands. Regularly audit n8n configurations and user permissions to ensure adherence to security best practices.
Actualice n8n a la versión 2.2.0 o superior, o a la versión 1.123.8 o superior. Si la actualización no es posible de inmediato, limite los permisos de creación y edición de flujos de trabajo solo a usuarios de confianza, o deshabilite el nodo Read/Write Files from Disk agregando `n8n-nodes-base.readWriteFile` a la variable de entorno `NODES_EXCLUDE`. Tenga en cuenta que estas soluciones alternativas no mitigan completamente el riesgo y solo deben usarse como medidas de mitigación a corto plazo.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-27498 is a remote code execution vulnerability in n8n where an authenticated user can exploit file operations and git commands to execute arbitrary shell commands on the server.
You are affected if you are running n8n versions prior to 1.123.8 or 2.2.0. Verify your version and upgrade immediately if vulnerable.
Upgrade n8n to version 1.123.8 or 2.2.0 or later. As a temporary workaround, restrict user permissions to limit workflow creation and modification.
There is currently no public information indicating active exploitation, but the vulnerability's severity and potential impact warrant immediate remediation.
Refer to the official n8n security advisory for detailed information and updates: [https://n8n.io/security/advisories](https://n8n.io/security/advisories)
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.