CVE-2026-25053: n8n has OS Command Injection in Git Node

February 4, 2026

Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host.

References

github.com/advisories/GHSA-9g95-qf3f-ggrw
github.com/n8n-io/n8n
github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw
nvd.nist.gov/vuln/detail/CVE-2026-25053

Code Behaviors & Features

Detect and mitigate CVE-2026-25053 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →