CVE-2026-21877: Remote Code Execution Vulnerability in Open Source n8n Workflow Platform Affecting Cloud-Based Self-Built Instances

n8n, an open source workflow automation platform, recently disclosed a critical remote code execution vulnerability, CVE-2026-21877, with a CVSS score of 10.0 out of 10, the highest possible risk rating. Under certain conditions, an authenticated user can perform an arbitrary file write that causes the service to execute untrusted code. This allows complete takeover of the affected instance and can lead to data leakage, configuration tampering, and even lateral movement attacks.

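This vulnerability affects both self-hosted deployments and n8n Cloud, in versions ≥0.123.0 and <1.121.3. The vendor has fixed the issue in version 1.121.3 and strongly recommends that users upgrade to that version or later as soon as possible to eliminate the risk completely. If taking the service down for an update is not possible for now, administrators are advised to temporarily disable the Git node and restrict access to the n8n service to trusted users only, to reduce the likelihood of exploitation. Security teams should focus on identifying exposure of related assets and continuously monitor for abnormal execution behavior.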
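To support the asset review recommended above, the following added example (not code from n8n or from the advisory) triages an inventory of instances against the affected range and the Git node mitigation. It assumes the inventory records the version string and the value of n8n's `NODES_EXCLUDE` setting, and that the Git node's type name is `n8n-nodes-base.git`; the record layout and host names are constructed.

```python
import json
import re

# Affected range as stated in the advisory: >= 0.123.0 and < 1.121.3
FIRST_AFFECTED = (0, 123, 0)
FIRST_FIXED = (1, 121, 3)
# Assumption (not from the advisory): n8n's NODES_EXCLUDE setting lists
# node types not to load, and the Git node's type is "n8n-nodes-base.git".
GIT_NODE = "n8n-nodes-base.git"

def parse_version(text):
    """Return (major, minor, patch); pre-release/build suffixes are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def git_node_disabled(nodes_exclude):
    """True if the NODES_EXCLUDE value (a JSON array string) lists the Git node."""
    try:
        excluded = json.loads(nodes_exclude or "[]")
    except (json.JSONDecodeError, TypeError):
        return False  # unparseable setting: treat the mitigation as not applied
    return isinstance(excluded, list) and GIT_NODE in excluded

def triage(instance):
    """Classify one inventory record against the advisory's guidance."""
    try:
        version = parse_version(instance["version"])
    except ValueError:
        return "unknown-version: verify manually"
    if not (FIRST_AFFECTED <= version < FIRST_FIXED):
        return "not-affected"
    if git_node_disabled(instance.get("nodes_exclude")):
        return "affected-mitigated: upgrade to 1.121.3 or later"
    return "affected-unmitigated: upgrade or disable Git node now"

# Constructed sample inventory (hosts and values are illustrative only).
INVENTORY = [
    {"host": "n8n-a", "version": "1.121.3"},
    {"host": "n8n-b", "version": "1.120.4"},
    {"host": "n8n-c", "version": "v1.98.0", "nodes_exclude": json.dumps([GIT_NODE])},
    {"host": "n8n-d", "version": "0.122.5"},
    {"host": "n8n-e", "version": "latest"},  # floating tag: cannot be classified
]

if __name__ == "__main__":
    for inst in INVENTORY:
        print(f'{inst["host"]:8} {inst["version"]:10} {triage(inst)}')
```

An instance reported as mitigated still needs the upgrade, since disabling the Git node is described only as a temporary measure.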
