CNNVD-202602-606 Information
CNNVD ID
CNNVD-202602-606
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 0.187.0版本至1.120.3之前版本存在操作系统命令注入漏洞,该漏洞源于社区包安装功能存在命令注入,可能允许具有管理权限的认证用户在特定条件下在n8n主机上执行任意系统命令。
Description (English)
n8n is an expanded workflow automation tool for n8n open source. Before versions 0.187.0 to 1.120.3, there was a loophole in the operating system command, which resulted from the presence of an order for the installation of a community package, which may allow a certified user with managerial authority to execute an arbitrary system order on the n8n mainframe under certain conditions.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
n8n
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838 https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m https://access.redhat.com/security/cve/cve-2026-21893
Patch
https://github.com/n8n-io/n8n/releases
Share on: