
n8n, the “fair-code” workflow automation platform beloved by engineering teams for its combination of low-code speed and programming flexibility, has issued a critical security advisory.
Few details on the exact exploitation method have been released, presumably to prevent large-scale abuse; however, the mitigation recommendations provide one significant clue: the vulnerability appears to be related to the platform's version-management capabilities.
Specifically, it is a highly critical bug, tracked under the identifier CVE-2026-21877, which reaches the maximum possible CVSS score of 10.0, threatening both self-hosted and cloud-based instances with complete compromise.
The vulnerability is a Remote Code Execution (RCE) vulnerability, which allows an authenticated user to overwrite critical files and execute untrusted code on the server, effectively giving them access to the underlying system.
The advisory explicitly states that the flaw allows an attacker to “cause the n8n service to execute untrusted code.” This is achieved through an “arbitrary file writing” mechanism.
The suggested workaround points to the Git node, a feature used for version control of workflows. Administrators unable to apply the patch immediately are advised to "reduce exposure by disabling the Git node," suggesting that this component is the vector used to write the malicious files.
A CVSS score of 10 is rare and reserved for the most dangerous vulnerabilities: those that are easy to exploit, require low complexity, and result in a complete loss of confidentiality, integrity, and availability.
In this case, although the attack requires an "authenticated user," n8n is often used collaboratively. A single compromised user account, or a malicious insider, could exploit this flaw to trigger a "full compromise of the affected instance."
The risk is universal: “Both self-hosted and n8n Cloud instances are affected.” The n8n team moved quickly to patch the flaw. The vulnerability was fixed in n8n version 1.121.3.
We strongly recommend that all users upgrade to this or a later version immediately. For those who cannot take their system down for an upgrade at this time, the primary defense is to disable the Git node and to restrict instance access strictly to trusted users.
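As an added example (not from the advisory or the n8n project), the following POSIX shell helper classifies an instance as patched, mitigated, or exposed from its version string and its node-exclusion setting. It assumes that n8n's `NODES_EXCLUDE` environment variable and the Git node's type name `n8n-nodes-base.git` are the way the workaround is applied; neither identifier is stated in the advisory.

```shell
#!/bin/sh
# Added example: not part of the advisory. Checks an n8n version against the
# fixed release and whether the Git node workaround is in place.

FIXED_VERSION="1.121.3"   # fixed release named in the advisory

# version_key VERSION -> integer key for numeric comparison of major.minor.patch.
# A leading "v" and any pre-release/build suffix ("-rc.1", "+build") are ignored.
# Prints 0 for strings that are not a dotted numeric version.
version_key() {
    v=$(printf '%s' "$1" | sed 's/^v//; s/[-+].*$//')
    case "$v" in ''|*[!0-9.]*) echo 0; return;; esac
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -s -d. -f2)
    patch=$(printf '%s' "$v" | cut -s -d. -f3)
    echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
}

# n8n_version_is_fixed VERSION -> exit 0 if VERSION >= 1.121.3, 1 otherwise.
n8n_version_is_fixed() {
    [ "$(version_key "$1")" -ge "$(version_key "$FIXED_VERSION")" ]
}

# n8n_status VERSION [NODES_EXCLUDE_VALUE] -> prints one of:
#   patched    version is 1.121.3 or later
#   mitigated  older version, but the Git node is excluded (assumed mechanism:
#              NODES_EXCLUDE containing "n8n-nodes-base.git")
#   exposed    older version and the Git node is still enabled
n8n_status() {
    if n8n_version_is_fixed "$1"; then
        echo patched
    elif printf '%s' "${2:-}" | grep -q 'n8n-nodes-base\.git'; then
        echo mitigated
    else
        echo exposed
    fi
}

# Stand-alone usage: report on the locally installed n8n, if any.
if command -v n8n >/dev/null 2>&1; then
    n8n_status "$(n8n --version 2>/dev/null)" "${NODES_EXCLUDE:-}"
fi
```

An instance reported as `exposed` should be upgraded, or, failing that, restarted with the Git node excluded until the upgrade can be scheduled.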
