プラットフォーム
nodejs
コンポーネント
n8n
修正版
1.121.4
1.121.3
CVE-2026-21877 represents a critical Remote Code Execution (RCE) vulnerability affecting the n8n workflow automation platform. Successful exploitation allows an authenticated user to execute arbitrary code, potentially leading to complete compromise of the affected instance. This vulnerability impacts both self-hosted and n8n Cloud deployments and is resolved in version 1.121.3 or later.
The impact of CVE-2026-21877 is severe. An attacker, once authenticated, can leverage this vulnerability to execute arbitrary code on the n8n server. This grants them complete control over the system, enabling actions such as data exfiltration, malware installation, and lateral movement within the network. Given n8n's role in automating workflows and integrating with various services, a successful attack could have cascading effects, impacting connected applications and data sources. The ability to execute code directly on the server bypasses typical security controls, making this a high-risk vulnerability.
CVE-2026-21877 was publicly disclosed on January 6, 2026. The vulnerability's severity and ease of exploitation suggest a potential for active exploitation. While no public proof-of-concept (PoC) has been observed as of this writing, the RCE nature of the vulnerability makes it a high-priority target for attackers. Monitor security advisories and threat intelligence feeds for any indications of exploitation campaigns targeting n8n.
Organizations heavily reliant on n8n for workflow automation and integrations are particularly at risk. This includes businesses using n8n to connect to sensitive data sources or critical business applications. Shared hosting environments where multiple users share the same n8n instance are also at increased risk, as a compromise of one user could potentially impact others.
• nodejs / server: Monitor n8n process logs for unusual activity or unexpected code execution. Use ps aux | grep n8n to check running processes and look for suspicious commands.
• generic web: Check n8n server access logs for unusual requests or patterns indicative of attempted exploitation. Look for requests targeting vulnerable endpoints.
• linux / server: Use journalctl -u n8n to review n8n service logs for error messages or suspicious events related to code execution.
journalctl -u n8n -f | grep -i errordisclosure
エクスプロイト状況
EPSS
14.14% (94% パーセンタイル)
CISA SSVC
The primary mitigation for CVE-2026-21877 is to immediately upgrade to n8n version 1.121.3 or a later, patched version. If an immediate upgrade is not feasible, administrators can reduce the attack surface by disabling the Git functionality within n8n. This limits the potential attack vector. Consider implementing network segmentation to restrict access to the n8n instance. Regularly review user permissions and enforce the principle of least privilege to minimize the impact of a potential compromise. After upgrading, verify the fix by attempting to trigger the vulnerable functionality (if possible in a safe testing environment) and confirming that it is no longer exploitable.
n8n をバージョン 1.121.3 以降にアップデートしてください。一時的な対策として、Git ノードを無効にし、信頼できないユーザーへのアクセスを制限してください。脆弱性の完全な軽減には、アップデートをお勧めします。
脆弱性分析と重要アラートをメールでお届けします。
CVE-2026-21877 is a critical Remote Code Execution vulnerability in n8n, allowing authenticated users to execute arbitrary code on the server.
You are affected if you are running n8n versions prior to 1.121.3. Both self-hosted and n8n Cloud instances are vulnerable.
Upgrade to n8n version 1.121.3 or later. As a temporary workaround, disable the Git functionality within n8n.
While no public exploits are currently known, the RCE nature of the vulnerability suggests a potential for active exploitation. Monitor security advisories.
Refer to the official n8n security advisory on their website or GitHub repository for the latest information and updates.
CVSS ベクトル