CVE-2026-27498 Overview
CVE-2026-27498 is a critical Remote Code Execution (RCE) vulnerability in n8n, an open source workflow automation platform. The vulnerability allows authenticated users with workflow creation or modification permissions to chain the Read/Write Files from Disk node with git operations to achieve arbitrary command execution on the n8n host server. By writing to specific configuration files (particularly within the .git directory) and then triggering a git operation, an attacker can execute arbitrary shell commands.
Critical Impact
Authenticated attackers can achieve full remote code execution on the n8n host by manipulating git configuration files through legitimate workflow features, potentially compromising the entire server and any connected systems.
Affected Products
- n8n versions prior to 2.2.0
- n8n versions prior to 1.123.8
- Any n8n deployment where users have workflow creation/modification permissions
Discovery Timeline
- February 25, 2026 - CVE-2026-27498 published to NVD
- February 25, 2026 - Last updated in NVD database
Technical Details for CVE-2026-27498
Vulnerability Analysis
This vulnerability exploits a dangerous combination of two legitimate n8n features: the Read/Write Files from Disk node and git operations. The core issue stems from insufficient access controls on file system operations, specifically allowing writes to sensitive git configuration files. When an attacker writes malicious content to .git/config or .git/hooks/ directories and subsequently triggers a git operation within a workflow, the crafted configuration or hook scripts execute with the privileges of the n8n process.
The vulnerability is classified under CWE-94 (Improper Control of Generation of Code), as it enables code injection through configuration file manipulation. The attack requires authentication and workflow creation privileges, but these are commonly granted to users in collaborative automation environments.
Root Cause
The root cause lies in the lack of file path restrictions in the Read/Write Files from Disk node. Prior to the patch, this node could write to any file accessible by the n8n process, including sensitive configuration directories like .git. Git operations in n8n workflows would then execute hooks or follow configuration directives written by the attacker, resulting in arbitrary command execution.
Attack Vector
The attack vector is network-based and requires an authenticated user with permissions to create or modify workflows. The attack chain consists of:
- Creating a workflow that uses the Read/Write Files from Disk node to write malicious content to a .git configuration file or hook script
- Triggering a git operation (such as a clone, fetch, or commit) within the same or a subsequent workflow
- The git operation executes the attacker-controlled commands with the privileges of the n8n process
The patch introduces regex-based file pattern blocking to prevent access to .git directories:
// Security patch adding blocked file pattern configuration
// Source: https://github.com/n8n-io/n8n/commit/97365caf253978ba8e46d7bc53fa7ac3b6f67b32
@Env('N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES')
blockFileAccessToN8nFiles: boolean = true;
/**
* Blocked file and folder regular expression patterns that `ReadWriteFile` and `ReadBinaryFiles` nodes cant access. Separate multiple patterns with with semicolon `;`.
* - `^(.*\/)*\.git(\/.*)*$`
* Set to empty to not block based on file patterns.
*/
@Env('N8N_BLOCK_FILE_PATTERNS')
blockFilePatterns: string = '^(.*\\/)*\\.git(\\/.*)*$';
/**
* In a [security audit](https://docs.n8n.io/hosting/securing/security-audit/), how many days for a workflow to be considered abandoned if not executed.
*/
The file system helper functions were also updated to enforce these pattern restrictions:
// Implementation of file pattern blocking logic
// Source: https://github.com/n8n-io/n8n/commit/e22acaab3dcb2004e5fe0bf9ef2db975bde61866
function isFilePatternBlocked(resolvedFilePath: ResolvedFilePath): boolean {
const { blockFilePatterns } = Container.get(SecurityConfig);
return blockFilePatterns
.split(';')
.map((pattern) => pattern.trim())
.filter((pattern) => pattern)
.some((pattern) => {
try {
return new RegExp(pattern, 'mi').test(resolvedFilePath);
} catch {
return true;
}
});
}
function isFilePathBlocked(resolvedFilePath: ResolvedFilePath): boolean {
const allowedPaths = getAllowedPaths();
const blockFileAccessToN8nFiles = process.env[BLOCK_FILE_ACCESS_TO_N8N_FILES] !== 'false';
Detection Methods for CVE-2026-27498
Indicators of Compromise
- Unexpected modifications to .git/config files on the n8n host system
- Creation or modification of files within .git/hooks/ directories
- Workflow executions that include both file write operations and git operations in sequence
- Unusual process spawning from the n8n server process, particularly shell commands
Detection Strategies
- Monitor workflow logs for Read/Write Files from Disk node operations targeting paths containing .git
- Implement file integrity monitoring on git repositories accessible by the n8n process
- Audit workflow configurations for combinations of file write nodes followed by git operations
- Review n8n audit logs for users creating or modifying workflows with file system access nodes
Monitoring Recommendations
- Enable comprehensive logging for all file system operations performed by n8n workflows
- Configure alerts for any git hook execution or configuration changes on the n8n host
- Monitor process creation events from the n8n process for unexpected command execution
- Implement network monitoring for unusual outbound connections from the n8n server following workflow executions
How to Mitigate CVE-2026-27498
Immediate Actions Required
- Upgrade n8n to version 2.2.0 or 1.123.8 immediately
- Review all existing workflows for suspicious file write operations, especially targeting .git paths
- Audit user permissions and revoke workflow creation/modification access from untrusted users
- Check system logs for any evidence of past exploitation attempts
Patch Information
n8n has released security patches in versions 2.2.0 and 1.123.8. The patches introduce a new configuration option N8N_BLOCK_FILE_PATTERNS that defaults to blocking access to .git directories via a regex pattern. The fix adds the isFilePatternBlocked() function to validate file paths before allowing read/write operations.
Patch details are available in the following resources:
Workarounds
- Limit workflow creation and editing permissions to fully trusted users only
- Disable the Read/Write Files from Disk node by adding n8n-nodes-base.readWriteFile to the NODES_EXCLUDE environment variable
- Implement network segmentation to limit the impact of potential compromise
- Run n8n with minimal file system permissions and in a containerized environment
# Temporary mitigation: Disable the Read/Write Files from Disk node
export NODES_EXCLUDE="n8n-nodes-base.readWriteFile"
# Additional hardening: Set custom file pattern restrictions (post-patch)
export N8N_BLOCK_FILE_PATTERNS="^(.*\/)*\.git(\/.*)*$;^(.*\/)*\.ssh(\/.*)*$"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
