CVE-2026-25053
Published: 04 February 2026
Summary
CVE-2026-25053 is a critical-severity OS Command Injection (CWE-78) vulnerability in N8N N8N. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 7.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents OS command injection in the Git node by validating and sanitizing user inputs used in workflow execution.
Requires timely patching to n8n versions 1.123.10 or 2.5.0 to eliminate the command injection vulnerability.
Enforces least privilege on workflow create/modify permissions and n8n host process privileges to limit the scope and impact of exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in public-facing n8n workflow platform directly enables remote exploitation of the application (T1190) for arbitrary command execution via shell (T1059) and local file reads (T1005).
NVD Description
n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the…
more
n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.
Deeper analysisAI
CVE-2026-25053 is a critical vulnerability (CVSS 9.9, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) classified under CWE-78 (OS Command Injection) affecting the Git node in n8n, an open-source workflow automation platform. Versions prior to 1.123.10 and 2.5.0 are vulnerable, where flaws in the Git node allow authenticated users with permissions to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host.
An attacker requires only low-privilege authenticated access (PR:L) and permission to create or modify workflows to exploit this remotely (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation changes the scope (S:C) and enables high-impact outcomes, including full host compromise through arbitrary command execution for potential remote code execution or data exfiltration via arbitrary file reads.
The n8n security advisory at https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw states that the vulnerability has been patched in versions 1.123.10 and 2.5.0, recommending immediate upgrades for affected deployments.
Details
- CWE(s)