Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2026-25053
created 2 months, 2 weeks ago
n8n is Vulnerable to OS Command Injection in Git Node

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been patched in versions 1.123.10 and 2.5.0.

Affected products

n8n
  • ==< 2.5.0
  • ==< 1.123.10

Matching in nixpkgs

pkgs.n8n

Free and source-available fair-code licensed workflow automation tool

  • nixos-unstable -
  • nixos-25.11 1.120.4

pkgs.n8n-nodes-carbonejs

n8n community node for rendering Word templates using Carbone.js

  • nixos-unstable -

Package maintainers