GHSA-x2mw-7j39-93xq: n8n has Arbitrary Command Execution via File Write and Git Operations
Summary
n8n (a workflow automation tool) has a vulnerability where an authenticated user with workflow editing permissions could combine the Read/Write Files from Disk node (a component that modifies files on the server) with git operations (version control commands) to execute arbitrary shell commands (any commands an attacker chooses) on the n8n server. This requires the attacker to already have valid user access.
Solution / Mitigation
The issue has been fixed in n8n versions 2.2.0 and 1.123.8. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can temporarily: (1) Limit workflow creation and editing permissions to fully trusted users only, or (2) Disable the Read/Write Files from Disk node by adding `n8n-nodes-base.readWriteFile` to the `NODES_EXCLUDE` environment variable. The source notes these workarounds do not fully remediate the risk and should only be short-term measures.
Vulnerability Details
EPSS: 0.4%
Classification
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-x2mw-7j39-93xq
First tracked: February 25, 2026 at 11:00 PM
Classified by LLM (prompt v3) · confidence: 85%