## https://sploitus.com/exploit?id=6A750595-6B5D-5571-89BF-127D70386647
# N8N Remote Code Execution CVE-2025-62726 POC/Exploit

This vulnerability is in n8n's Git node. It is possible to execute arbitrary commands by setting a custom pre-commit hook via Git config.
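
A defender-side check for the condition described above, as an added example that is not part of the original PoC or of n8n's code: it audits an exported workflow JSON for Git nodes that write Git config, flagging a hooks-path override (`core.hooksPath`, Git's setting for relocating the hooks directory) and any key outside a small allowlist. The node type string, the `addConfig` operation name, the `key`/`value` parameter names and the allowlist are assumptions.

```javascript
// Added example: static audit of an exported n8n workflow for Git-config writes.
// Assumptions (not from the original page): node type "n8n-nodes-base.git",
// operation "addConfig", and parameters named "key" and "value".
const GIT_NODE_TYPE = "n8n-nodes-base.git";
// Config keys a workflow may legitimately set (assumed); anything else is reported.
const ALLOWED_KEYS = new Set(["user.name", "user.email"]);

function classifyKey(rawKey) {
  const key = String(rawKey ?? "").trim();
  // n8n stores expressions as strings starting with "="; they cannot be
  // resolved statically, so they are reported for manual review.
  if (key.startsWith("=")) return "dynamic-key";
  // Git section and variable names are case-insensitive.
  const norm = key.toLowerCase();
  if (norm === "core.hookspath") return "hooks-path-override";
  if (!ALLOWED_KEYS.has(norm)) return "unexpected-key";
  return null;
}

function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? []) {
    if (node.type !== GIT_NODE_TYPE) continue;
    const p = node.parameters ?? {};
    if (p.operation !== "addConfig") continue;
    const reason = classifyKey(p.key);
    if (reason) findings.push({ node: node.name, key: p.key, value: p.value, reason });
  }
  return findings;
}

// Constructed sample workflow (not the PoC's JSON file).
const SAMPLE_WORKFLOW = {
  name: "constructed-sample",
  nodes: [
    { name: "Clone", type: GIT_NODE_TYPE, parameters: { operation: "clone" } },
    { name: "Set author", type: GIT_NODE_TYPE,
      parameters: { operation: "addConfig", key: "user.email", value: "ci@example.test" } },
    { name: "Set hooks", type: GIT_NODE_TYPE,
      parameters: { operation: "addConfig", key: "Core.HooksPath", value: "githooks" } },
    { name: "Set from input", type: GIT_NODE_TYPE,
      parameters: { operation: "addConfig", key: "={{ $json.key }}", value: "x" } },
    { name: "Commit", type: GIT_NODE_TYPE, parameters: { operation: "commit" } },
  ],
};

for (const f of auditWorkflow(SAMPLE_WORKFLOW)) {
  console.log(`${f.reason}: node "${f.node}" sets ${f.key} = ${f.value}`);
}
```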

# Exploit steps
1. Fork the payload repository https://github.com/Malayke/CVE-2025-62726-payload-repo and change the command in the repository's `githooks/pre-commit` file.
2. Create a new n8n workflow.
3. Import the [crafted workflow JSON file](n8n-CVE-2025-62726-exploit-workflow.json).
4. Change the repository address `https://github.com/Malayke/CVE-2025-62726-payload-repo` in the [crafted workflow JSON file](n8n-CVE-2025-62726-exploit-workflow.json) to your forked repository.
5. Run the workflow.
6. Capture command execution output using Burp Suite Collaborator or any other OAST tool.

![crafted n8n workflow](image.png)

![alt text](image-1.png)

# References
- [NVD entry for CVE-2025-62726](https://nvd.nist.gov/vuln/detail/CVE-2025-62726)  
- [n8n commit fixing the vulnerability](https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997)  
- [n8n security advisory GHSA-xgp7-7qjq-vg47](https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47)