CVE-2026-27498: n8n has Arbitrary Command Execution via File Write and Git Operations
An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary shell commands on the n8n host.
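A triage aid for the chain described above, as an added example that is not code from the advisory or the n8n project: it scans a workflow export for workflows that combine a Read/Write Files from Disk node with a Git node. The node type strings, the `operation` parameter name, and the sample export are assumptions and should be checked against your own instance's export.

```javascript
// Added triage example (not n8n project code). The node type strings and the
// `operation` parameter name are assumptions about the workflow export format.
const FILE_NODE = "n8n-nodes-base.readWriteFile"; // Read/Write Files from Disk (assumed id)
const GIT_NODE = "n8n-nodes-base.git";            // Git node (assumed id)

// Classify one exported workflow by which of the two node kinds it uses.
// Any file node not explicitly set to "read" is treated as a possible write.
function auditWorkflow(wf) {
  const nodes = Array.isArray(wf.nodes) ? wf.nodes : [];
  const fileWrites = nodes.filter(
    (n) => n.type === FILE_NODE && (n.parameters || {}).operation !== "read"
  );
  const gitNodes = nodes.filter((n) => n.type === GIT_NODE);
  let risk = "none";
  if (fileWrites.length && gitNodes.length) risk = "chained";
  else if (fileWrites.length || gitNodes.length) risk = "partial";
  return {
    id: wf.id, name: wf.name, risk,
    fileWrites: fileWrites.map((n) => n.name),
    gitNodes: gitNodes.map((n) => n.name),
  };
}

// Audit a whole export. "partial" findings are kept because both nodes act on
// the same host filesystem, so the two steps may sit in separate workflows.
function auditExport(workflows) {
  const order = { chained: 0, partial: 1 };
  return workflows.map(auditWorkflow)
    .filter((f) => f.risk !== "none")
    .sort((a, b) => order[a.risk] - order[b.risk]);
}

// Constructed sample export, not taken from a real instance.
const SAMPLE_EXPORT = [
  { id: "1", name: "Nightly report", nodes: [
    { name: "Read CSV", type: FILE_NODE, parameters: { operation: "read" } } ] },
  { id: "2", name: "Repo sync", nodes: [
    { name: "Write file", type: FILE_NODE, parameters: { operation: "write" } },
    { name: "Pull", type: GIT_NODE, parameters: { operation: "pull" } } ] },
  { id: "3", name: "Tagger", nodes: [
    { name: "Git tag", type: GIT_NODE, parameters: { operation: "tag" } } ] },
];

for (const f of auditExport(SAMPLE_EXPORT)) {
  const nodes = [...f.fileWrites, ...f.gitNodes].join(", ");
  console.log(`${f.risk}\t${f.id}\t${f.name}\t${nodes}`);
}
```

Review "chained" results first, then check who created or last edited each flagged workflow.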
References
- github.com/advisories/GHSA-x2mw-7j39-93xq
- github.com/n8n-io/n8n
- github.com/n8n-io/n8n/commit/97365caf253978ba8e46d7bc53fa7ac3b6f67b32
- github.com/n8n-io/n8n/commit/e22acaab3dcb2004e5fe0bf9ef2db975bde61866
- github.com/n8n-io/n8n/releases/tag/n8n@1.123.8
- github.com/n8n-io/n8n/releases/tag/n8n@2.2.0
- github.com/n8n-io/n8n/security/advisories/GHSA-x2mw-7j39-93xq
- nvd.nist.gov/vuln/detail/CVE-2026-27498