Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN001 _____________________________________________________________________ DATE : 07/01/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running n8n versions prior to 1.121.3. ===================================================================== https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263 _____________________________________________________________________ RCE via Arbitrary File Write Critical csuermann published GHSA-v364-rw7m-3263 Jan 6, 2026 Package n8n (npm) Affected versions >= 0.123.0 < 1.121.3 Patched versions 1.121.3 Description Impact n8n is affected by an authenticated Remote Code Execution (RCE) vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud instances are impacted. Patches The issue has been resolved in n8n version 1.121.3. Users are advised to upgrade to this version or later to fully address the vulnerability. Workarounds If upgrading is not immediately possible, administrators can reduce exposure by disabling the Git node and limiting access for untrusted users. References n8n documentation: Blocking access to nodes Severity Critical 10/ 10 CVSS v3 base metrics Attack vector Network Attack complexity Low Privileges required Low User interaction None Scope Changed Confidentiality High Integrity High Availability High CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE ID CVE-2026-21877 Weaknesses Weakness CWE-434 Credits @theolelasseux theolelasseux Reporter ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================