CVE-2025-71380
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n8n | n8n | 0 <= 1.114.4 | affected |
Weaknesses
- CWE-284: Improper Access Control
References
- https://github.com/n8n-io/n8n/security/advisories/GHSA-365g-vjw2-grx8
- https://www.vulncheck.com/advisories/n8n-arbitrary-command-execution-via-execute-command-node
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.