CNNVD-202602-617 Information
CNNVD ID
CNNVD-202602-617
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
n8n是n8n开源的一个可扩展的工作流自动化工具。 n8n 1.123.17之前版本和2.5.2之前版本存在安全漏洞,该漏洞源于经过身份验证的用户可利用工作流参数中的表达式,可能导致主机命令执行。
Description (English)
n8n is an expanded workflow automation tool for n8n open source. n8n 1.123.17 There is a security loophole in previous versions and 2.5.2, which stems from the expression in the working-flow parameters that can be used by an identified user and may lead to the execution of the host command.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
n8n
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d54b https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8 https://access.redhat.com/security/cve/cve-2026-25049
Patch
https://github.com/n8n-io/n8n/releases
Share on: