The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 04 Jul 2026 01:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise. | |
| Title | n8n - Arbitrary Command Execution via Execute Command Node | |
| First Time appeared |
N8n
N8n n8n |
|
| Weaknesses | CWE-284 | |
| CPEs | cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
N8n
N8n n8n |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-07-04T01:23:42.800Z
Updated: 2026-07-06T13:13:11.151Z
Reserved: 2026-06-20T13:11:44.728Z
Link: CVE-2025-71380
Updated: 2026-07-06T13:12:57.426Z
No data.
No data.