Open-source workflow automation platform n8n has issued a critical alert regarding a severe security vulnerability, CVE-2026-21877, that could enable authenticated remote code execution (RCE) with the highest possible CVSS score of 10.0. This maximum-severity flaw poses a significant risk to instances of n8n, potentially allowing attackers to gain complete control over affected systems. The discovery highlights ongoing security challenges within popular workflow automation tools and emphasizes the importance of timely updates for cloud security.
The vulnerability allows an authenticated user, under specific circumstances, to execute untrusted code on the n8n service. This could lead to a full compromise of the compromised instance, according to information released by n8n in an advisory on Tuesday. Both self-hosted deployments and n8n Cloud instances are reported to be impacted by this critical security flaw.
n8n Addresses Critical Remote Code Execution Vulnerability
The security flaw, now identified as CVE-2026-21877, has a CVSS score of 10.0, indicating a critical severity level. n8n has confirmed that the vulnerability affects specific versions of its platform. The issue has been rectified and addressed in version 1.121.3, which was released in November 2025. Security researcher Théo Lelasseux, operating under the handle @theolelasseux, has been credited with the discovery and responsible disclosure of this significant vulnerability.
To mitigate the risk posed by CVE-2026-21877, users are strongly advised to upgrade to version 1.121.3 of n8n or a later release. This update contains the necessary patches to fully resolve the vulnerability. For organizations where immediate patching is not feasible, n8n recommends implementing temporary workarounds as a protective measure.
Mitigation Strategies for n8n Users
As an interim solution while awaiting a full upgrade, n8n administrators are urged to disable the Git node within the platform. Furthermore, it is crucial to strictly limit access to the n8n service for untrusted users. These measures are designed to reduce the attack surface and prevent potential exploitation of the vulnerability.
This latest disclosure comes in the wake of n8n’s ongoing efforts to address a series of critical security flaws that have been identified on the platform throughout 2025. Previously, vulnerabilities such as CVE-2025-68613 and CVE-2025-68668, both carrying CVSS scores of 9.9, have also been patched. These past incidents, like the current CVE-2026-21877, could also lead to code execution under certain conditions, underscoring the consistent need for vigilance in maintaining the security of workflow automation systems.
The continuous identification and patching of such vulnerabilities in n8n demonstrate the dynamic nature of cybersecurity threats. As open-source platforms evolve and gain wider adoption, the scrutiny from security researchers intensifies, leading to a proactive approach to identifying and remediating potential weaknesses. Users of n8n, particularly those managing sensitive data or critical workflows, should prioritize keeping their installations updated to the latest security patches to safeguard against evolving cyber risks.
Looking ahead, the focus for n8n users will remain on maintaining up-to-date installations and staying informed about any further security advisories. The ongoing commitment from the n8n development team and the security research community to identify and resolve these issues is essential for the long-term security and reliability of the platform. Organizations leveraging n8n should maintain a policy of regular security audits and prompt application of updates.