QwikSec

Security Database

CVE

CWE

Training

CVE-2026-21893

Published: Feb 4, 2026

Modified: Feb 4, 2026

PUBLISHED

Description

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system commands on the n8n host under specific conditions. This issue has been patched in version 1.120.3.

Vendor	Product	Versions
n8n-io	n8n	affected `>= 0.187.0, < 1.120.3`

Weaknesses (CWE)

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m

x_refsource_CONFIRM

https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.