The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise.
Metrics
Affected Vendors & Products
References
History
Sat, 04 Jul 2026 01:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise. | |
| Title | n8n - Arbitrary Command Execution via Execute Command Node | |
| First Time appeared |
N8n
N8n n8n |
|
| Weaknesses | CWE-284 | |
| CPEs | cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
N8n
N8n n8n |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-04T01:23:42.800Z
Reserved: 2026-06-20T13:11:44.728Z
Link: CVE-2025-71380
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-04T02:45:15Z