CVE-2026-25056

HIGH

N8n < 1.118.0 - Remote Code Execution

Title source: rule

Description

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0.

References (1)

[Patch, Vendor Advisory] https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329-vmrm

Scores

CVSS v3 8.8

EPSS 0.0019

EPSS Percentile 40.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-693 CWE-434

Status published

Products (2)

n8n/n8n < 1.118.0

npm/n8n 0 - 1.118.0npm

Published Feb 04, 2026

Tracked Since Feb 18, 2026