CVE-2026-25053

CRITICAL

n8n < 1.123.10 and 2.0.0-2.5.0 - Authenticated OS Command Injection and Arbitrary File Read via Git Node

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-25053. PoCs published by XiaomingX, yadhukrishnam.

AI-analyzed exploit summary This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The exploit includes data extraction capabilities for admin credentials and password hashes.

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.

Exploits (2)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-25053

View Code ZIP pw:eip

This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The exploit includes data extraction capabilities for admin credentials and password hashes.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: WordPress Quiz Maker <= 6.7.0.56

No auth needed

Prerequisites: Target WordPress URL · Path to quiz page · Vulnerable header (default: X-Forwarded-For)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WRITEUP 1 stars

by yadhukrishnam · poc

https://github.com/yadhukrishnam/CVE-2026-25053

View Code ZIP pw:eip

This repository contains a README linking to a blog post detailing CVE-2026-25053, a remote code execution vulnerability in the n8n Git Node. No exploit code is present.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Theoretical

Reliability

Theoretical

Target: n8n Git Node (version not specified)

No auth needed

Prerequisites: Access to the vulnerable n8n Git Node instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw

Scores

CVSS v3 9.9

EPSS 0.0003

EPSS Percentile 9.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (2)

n8n/n8n < 1.123.0

npm/n8n 2.0.0 - 2.5.0npm

Published Feb 04, 2026

Tracked Since Feb 18, 2026