{"data":{"id":"dbfd01e6-74da-4e77-b7a7-ca69828ccdea","title":"GHSA-x2mw-7j39-93xq: n8n has Arbitrary Command Execution via File Write and Git Operations","summary":"n8n (a workflow automation tool) has a vulnerability where an authenticated user with workflow editing permissions could combine the Read/Write Files from Disk node (a component that reads and writes files on the server) with git operations (version control commands) to execute arbitrary shell commands (any commands an attacker chooses) on the n8n server. This requires the attacker to already have valid user access.","solution":"The issue has been fixed in n8n versions 2.2.0 and 1.123.8. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can temporarily: (1) Limit workflow creation and editing permissions to fully trusted users only, or (2) Disable the Read/Write Files from Disk node by adding `n8n-nodes-base.readWriteFile` to the `NODES_EXCLUDE` environment variable. The source notes these workarounds do not fully remediate the risk and should only be short-term measures.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-x2mw-7j39-93xq","publishedAt":"2026-02-25T21:54:19.000Z","cveId":"CVE-2026-27498","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["n8n@>= 2.0.0, < 2.2.0 (fixed: 2.2.0)","n8n@< 1.123.8 (fixed: 1.123.8)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["n8n"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00444,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}