CVE-2025-71380 HIGH

CVE-2025-71380: n8n - Arbitrary Command Execution via Execute Command Node

Vendor N8N
Product n8n
Weakness CWE-284
Published July 4, 2026
Last update July 4, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise.

Key dates

02Disclosure timeline

July 4, 2026 CVE published