← Volver a CVEs
CVE-2026-21877
CRITICAL9.9
Descripcion
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.
Detalles CVE
Puntuacion CVSS v3.19.9
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/8/2026
Ultima modificacion1/20/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
n8n:n8n
Debilidades (CWE)
CWE-94CWE-434
Referencias
https://github.com/n8n-io/n8n/commit/f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6(security-advisories@github.com)
https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.