8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-365g-vjw2-grx8

GHSA-365g-vjw2-grx8: n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

Impact

The Execute Command node in n8n allows execution of arbitrary commands on the host system where n8n runs. While this functionality is intended for advanced automation and can be useful in certain workflows, it poses a security risk if all users with access to the n8n instance are not fully trusted.

An attacker—either a malicious user or someone who has compromised a legitimate user account—could exploit this node to run arbitrary commands on the host machine, potentially leading to data exfiltration, service disruption, or full system compromise.

This vulnerability affects all n8n deployments where:

The Execute Command node is enabled, and
Not all user accounts are strictly controlled and trusted.

n8n.cloud is not impacted.

Patches

No code changes have been made to alter the behavior of the Execute Command node. The recommended mitigation is to disable the node by default in environments where it is not explicitly required.

Future n8n versions may change the default availability of this node.

Workarounds

Administrators can disable the Execute Command node by setting the following environment variable before starting n8n:

export NODES_EXCLUDE: "[\"n8n-nodes-base.executeCommand\"]"

References

n8n docs: Execute Command n8n docs: Blocking nodes

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-365g-vjw2-grx8

GHSA-365g-vjw2-grx8:

8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
n8n-nodes-base	npm	<= 1.113.0
n8n	npm	<= 1.114.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability, GHSA-365g-vjw2-grx8, is a command injection vulnerability in the 'Execute Command' node of n8n. The advisory states that this is an intended functionality and the recommended mitigation is to disable the node, rather than patching the code. My analysis of the source code for the ExecuteCommand.node.ts file confirms this. The ExecuteCommand.execute method is the entry point that retrieves the user-supplied command. This command is then passed to the execPromise function, which uses child_process.exec to execute it on the underlying operating system. There is no sanitization or validation performed on the command, which means any authenticated user with permissions to use this node can execute arbitrary commands on the n8n server. This can lead to a full system compromise. The functions ExecuteCommand.execute and execPromise are the key functions that would appear in a runtime profile when this vulnerability is triggered.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-365g-vjw2-grx8: n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

Impact

Patches

Workarounds

References

GHSA-365g-vjw2-grx8:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

8.8

8.8

Technical Details

GHSA-365g-vjw2-grx8: n8n: Execute Command Node Allows Authenticated Users to Run Arbitrary Commands on Host

Impact

Patches

Workarounds

References

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI