CVE-2025-62726

Severity: HIGH

n8n < 1.113.0 - Remote Code Execution via Git Node Pre-Commit Hook


Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-62726. PoCs published by adminlove520, baktistr, Muzyli.

Description

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.

Exploits (3)

GitHub · WORKING POC · 2 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-62726

This repository contains a functional PoC for CVE-2025-62726, demonstrating RCE in n8n via malicious Git pre-commit hooks. It includes a Docker setup for a vulnerable n8n instance and a workflow to trigger the exploit.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: n8n < 1.113.0
Auth required
Prerequisites: Docker environment · n8n instance with Git Node enabled · ability to clone a malicious repository
devstral-2 · analyzed Feb 27, 2026

nomisec · WORKING POC
by baktistr · poc
https://github.com/baktistr/cve-2025-62726-poc

This PoC demonstrates a Remote Code Execution (RCE) vulnerability in n8n's Git Node via malicious Git pre-commit hooks. The exploit leverages the automatic execution of untrusted Git hooks during commit operations to achieve arbitrary code execution.

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: n8n < 1.113.0
No auth needed
Prerequisites: Access to an n8n instance with Git Node functionality · Ability to clone a malicious repository
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0022
EPSS Percentile: 45.0%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-829
Status: published
Products (2):
- n8n/n8n < 1.113.0
- npm/n8n 0 - 1.113.0
Published: Oct 30, 2025
Tracked Since: Feb 18, 2026