Arbitrary Command Execution in n8n by n8n-io
CVE-2025-71380

8.7 HIGH

Key Information:

Vendor: n8n
Status: Vendor
CVE Published: 4 July 2026

What is CVE-2025-71380?

The Execute Command node in n8n allows authenticated users to run arbitrary commands on the underlying host system. This vulnerability can be exploited by attackers with valid user credentials, granting them the ability to execute malicious commands. Such exploitation can lead to severe consequences, including unauthorized data access, service interruptions, and potential total compromise of the system. Mitigation strategies should focus on limiting access to the Execute Command node and implementing robust credential management practices.
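To limit access to the Execute Command node you first need to know where it is used. The following is an added example, not code from n8n or from this advisory: it scans exported workflow JSON for nodes of type n8n-nodes-base.executeCommand. The sample export is constructed, and treating a command that starts with "=" as expression-built is an assumption about how n8n stores expressions.

```python
import json

# Node type identifier of the Execute Command node in workflow JSON.
EXEC_NODE_TYPE = "n8n-nodes-base.executeCommand"

def load_export(text):
    """An export holds either one workflow object or a list of them."""
    data = json.loads(text)
    return data if isinstance(data, list) else [data]

def find_execute_command_nodes(workflows):
    """Return one finding per Execute Command node, with review context."""
    findings = []
    for wf in workflows:
        for node in wf.get("nodes", []):
            if node.get("type") != EXEC_NODE_TYPE:
                continue
            command = str(node.get("parameters", {}).get("command", ""))
            findings.append({
                "workflow": wf.get("name", "<unnamed>"),
                "node": node.get("name", "<unnamed>"),
                "workflow_active": bool(wf.get("active", False)),
                "node_disabled": bool(node.get("disabled", False)),
                # Assumption: a leading "=" marks an expression, i.e. the
                # command line is built from workflow data at run time.
                "expression_built": command.startswith("="),
                "command": command,
            })
    # Active, enabled nodes first: they are the ones that can run today.
    findings.sort(key=lambda f: (not f["workflow_active"], f["node_disabled"]))
    return findings

# Constructed sample export (not taken from a real instance).
SAMPLE_EXPORT = json.dumps([
    {"name": "Webhook intake", "active": False, "nodes": [
        {"name": "Webhook", "type": "n8n-nodes-base.webhook", "parameters": {}},
        {"name": "Echo name", "type": EXEC_NODE_TYPE, "disabled": True,
         "parameters": {"command": "=echo {{ $json.name }}"}}]},
    {"name": "Nightly check", "active": True, "nodes": [
        {"name": "Check disk", "type": EXEC_NODE_TYPE,
         "parameters": {"command": "df -h"}}]},
    {"name": "Mail digest", "active": True, "nodes": [
        {"name": "Send", "type": "n8n-nodes-base.emailSend", "parameters": {}}]},
])

if __name__ == "__main__":
    for f in find_execute_command_nodes(load_export(SAMPLE_EXPORT)):
        print(f)
```

Where no workflow needs the node, n8n's NODES_EXCLUDE environment variable can be used to remove it from the instance.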

Affected Version(s)

n8n 0 <= 1.114.4

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
