Share
## https://sploitus.com/exploit?id=416A6CC1-9B66-5015-ABD6-C85F2EB29436
# ๐Ÿšจ CVE-2026-21877 โ€” Critical RCE Vulnerability

![1767801640416](https://github.com/user-attachments/assets/7e720a3e-3a02-4558-997d-6da43fa3c966)

## ๐Ÿงฉ Overview

**CVE-2026-21877** is a **critical authenticated Remote Code Execution (RCE)** vulnerability affecting **n8n**, the popular open-source workflow automation platform.
If exploited, an attacker can execute **arbitrary code on the host system**, potentially leading to **full server compromise**.

---

## ๐Ÿ“Š Severity & Scoring

| Metric                  | Value                                                     |
| ----------------------- | --------------------------------------------------------- |
| **Severity**            | ๐Ÿ”ฅ **Critical**                                           |
| **CVSS v3 Score**       | **9.9 โ€“ 10.0**                                            |
| **Attack Vector**       | Network                                                   |
| **Privileges Required** | Low (authenticated user)                                  |
| **User Interaction**    | None                                                      |
| **Impact**              | Complete loss of confidentiality, integrity, availability |

---

## ๐Ÿ–ฅ๏ธ Affected Software

### **Product**

* **n8n** (Workflow Automation Platform)

### **Affected Versions**

* Versions **โ‰ค 0.121.2**
* Versions **> 0.123.0 and  โš ๏ธ Because n8n often integrates with internal systems, cloud APIs, and databases, the **blast radius can be significant**.

---

## ๐Ÿ›ก๏ธ Mitigation & Remediation

### โœ… **Recommended Fix (Immediate)**

* ๐Ÿ”„ **Upgrade to n8n version `1.121.3` or later**

### ๐Ÿ”ง **Temporary Workarounds**

If upgrading immediately is not possible:

* โŒ Disable the **Git node** or any nodes that perform file execution
* ๐Ÿ” Restrict workflow creation/editing to **trusted users only**
* ๐Ÿ“‰ Minimize privileges for non-admin accounts

### ๐Ÿ” **Detection & Monitoring**

* Review n8n execution logs for:

  * Unexpected command execution
  * Suspicious workflow changes
* Monitor outbound connections from the n8n host
* Watch for privilege escalation indicators on the underlying system

---

## ๐Ÿ“Œ Key Takeaways

* ๐Ÿ”‘ Exploitation **requires authentication**, but only **low-privilege access**
* ๐Ÿ”ฅ Severity is **maximum-level critical**
* ๐ŸŒ Impacts both **cloud and self-hosted** deployments
* โณ No widespread public PoC yet โ€” **patch before one appears**

---

## ๐Ÿง  Advisory Summary

> **CVE-2026-21877 allows authenticated attackers to achieve full remote code execution on vulnerable n8n instances, leading to total system compromise if left unpatched.**

---