SSH Command Vulnerability in n8n Workflow Automation Platform
CVE-2026-33724

6.3MEDIUM

Key Information:

Vendor: N8n-io
Status: N8n
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-33724?

The n8n workflow automation platform has a vulnerability where configuring the Source Control feature to use SSH could lead to significant security risks. Specifically, prior to version 2.5.0, the SSH command employed for git operations did not verify host keys, allowing potential man-in-the-middle attacks. Malicious actors could exploit this by intercepting connections to the remote Git server, presenting a fraudulent host key, and injecting harmful content into workflows or stealing repository data. Users should upgrade to n8n version 2.5.0 or later to fully secure their systems. In the interim, it is advisable to disable the Source Control feature if not essential or limit network access to ensure secure communication paths to the Git server.

Affected Version(s)

n8n < 2.5.0

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-43...

x_refsource_CONFIRM

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Mar 23, 2026

CVE-2026-33724 Data

JSON

N8n-io

What is CVE-2026-33724?

Affected Version(s)

References

CVSS V4

Timeline