9.0
n8n allows attackers to run commands on the server
CVE-2026-27498
GHSA-x2mw-7j39-93xq
Summary
An attacker with permission to create workflows in n8n can run arbitrary shell commands on the server. This can happen if an attacker can write to specific files and then trigger a Git operation. To fix this, upgrade to n8n version 2.2.0 or later, or temporarily limit user permissions and disable the 'Read/Write Files from Disk' node.
What to do
- Update GitHub Actions n8n to version 1.123.8.
- Update GitHub Actions n8n to version 2.2.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| GitHub Actions | n8n | <= 1.123.8 | 1.123.8 |
| GitHub Actions | n8n | > 2.0.0 , <= 2.2.0 | 2.2.0 |
| n8n | n8n | <= 1.123.8 | – |
| n8n | n8n | > 2.0.0 , <= 2.2.0 | – |
Original title
n8n has Arbitrary Command Execution via File Write and Git Operations
Original description
## Impact
An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary shell commands on the n8n host.
## Patches
The issue has been fixed in n8n versions 2.2.0 and 1.123.8. Users should upgrade to one of these versions or later to remediate the vulnerability.
## Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trusted users only.
- Disable the Read/Write Files from Disk node by adding `n8n-nodes-base.readWriteFile` to the `NODES_EXCLUDE` environment variable.
These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
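A check for the two remediation paths above, as an added example that is not part of the n8n advisory or code base: it reports whether a given n8n version is at or past the fixed releases named under Patches and, if not, whether `NODES_EXCLUDE` contains the node named in the workaround. It assumes `NODES_EXCLUDE` holds a JSON array string; the function names and status strings are hypothetical.

```javascript
// Added example, not n8n code. Fixed versions and the node name are taken
// from the advisory; function names and status strings are hypothetical.
const FIXED = { 1: [1, 123, 8], 2: [2, 2, 0] }; // fixed release per major line
const BLOCKED_NODE = 'n8n-nodes-base.readWriteFile';

// Accept plain x.y.z only; pre-release or other tags need manual review.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version is at or above the fixed release of its major line.
function isPatched(version) {
  const v = parseVersion(version);
  const fixed = FIXED[v[0]];
  if (fixed) return compare(v, fixed) >= 0;
  return v[0] > 2; // 0.x predates both fixes; 3.x and up follow 2.2.0
}

// Assumption: NODES_EXCLUDE is a JSON array of node type names. Unset,
// malformed or non-array values are reported as "workaround not applied".
function workaroundApplied(nodesExclude) {
  if (!nodesExclude) return false;
  try {
    const list = JSON.parse(nodesExclude);
    return Array.isArray(list) && list.includes(BLOCKED_NODE);
  } catch {
    return false;
  }
}

function audit(version, nodesExclude) {
  if (isPatched(version)) return 'patched';
  return workaroundApplied(nodesExclude)
    ? 'unpatched-workaround-applied'
    : 'unpatched-no-workaround';
}

// Constructed sample inputs; on a real host pass process.env.NODES_EXCLUDE.
console.log(audit('1.122.4', '["n8n-nodes-base.readWriteFile"]'));
console.log(audit('2.1.3', '["n8n-nodes-base.executeCommand"]'));
```

An `unpatched-workaround-applied` result still calls for an upgrade, since the workarounds are short-term mitigations only.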
nvd CVSS3.1
8.8
nvd CVSS4.0
9.0
Vulnerability type
CWE-94
Code Injection
- https://nvd.nist.gov/vuln/detail/CVE-2026-27498
- https://github.com/advisories/GHSA-x2mw-7j39-93xq
- https://github.com/n8n-io/n8n/commit/97365caf253978ba8e46d7bc53fa7ac3b6f67b32 Patch
- https://github.com/n8n-io/n8n/commit/e22acaab3dcb2004e5fe0bf9ef2db975bde61866 Patch
- https://github.com/n8n-io/n8n/releases/tag/n8n@1.123.8 Release Notes
- https://github.com/n8n-io/n8n/releases/tag/n8n@2.2.0 Release Notes
- https://github.com/n8n-io/n8n/security/advisories/GHSA-x2mw-7j39-93xq Vendor Advisory
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026