
Cloud Vulnerability DB
A community-led vulnerabilities database
The Execute Command node vulnerability in n8n (GHSA-365g-vjw2-grx8) was disclosed on October 8, 2025. This security issue affects all n8n versions up to 1.114.4 and n8n-nodes-base versions up to 1.113.0. The vulnerability allows authenticated users to execute arbitrary commands on the host system where n8n runs, presenting a significant security risk in environments where not all users are fully trusted. Notably, n8n.cloud deployments are not affected by this vulnerability (GitHub Advisory).
The vulnerability has been assigned a CVSS v3.1 score of 8.8 (High), with the following metrics: Attack Vector: Network, Attack Complexity: Low, Privileges Required: Low, User Interaction: None, Scope: Unchanged, and High impact on Confidentiality, Integrity, and Availability. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and CWE-284 (Improper Access Control) (GitHub Advisory).
The vulnerability can lead to severe consequences including data exfiltration, service disruption, or full system compromise. While the Execute Command node functionality is intended for advanced automation, it becomes a security risk when access to the n8n instance isn't strictly controlled. The impact is particularly significant in environments where user accounts are not thoroughly vetted or when legitimate accounts become compromised (GitHub Advisory).
No direct patches have been released to modify the Execute Command node's behavior. However, administrators can mitigate the risk by disabling the Execute Command node through the NODES_EXCLUDE environment variable: export NODES_EXCLUDE='["n8n-nodes-base.executeCommand"]'. The single quotes keep the shell from stripping the inner double quotes, so the value remains a valid JSON array. This is recommended in environments where the node is not explicitly required. Future versions of n8n may modify the default availability of this node (GitHub Advisory).
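An added check for the mitigation above (example code, not part of the advisory or the n8n project): it confirms that a NODES_EXCLUDE value lists the Execute Command node, catches the case where shell quoting has stripped the inner quotes, and names workflows that still use the node. It assumes n8n reads the value as a JSON array of node type names and that workflows are n8n-style exports with a "nodes" list; the function names and sample data are constructed.

```python
import json

EXEC_NODE = "n8n-nodes-base.executeCommand"  # node type named on the page


def node_is_excluded(nodes_exclude_value):
    """Return (ok, reason) for a raw NODES_EXCLUDE string.

    Assumption: the value is read as a JSON array of node type names.
    """
    if not nodes_exclude_value:
        return False, "NODES_EXCLUDE is unset or empty"
    try:
        parsed = json.loads(nodes_exclude_value)
    except json.JSONDecodeError as exc:
        return False, f"not valid JSON ({exc.msg}); check shell quoting"
    if not isinstance(parsed, list):
        return False, "valid JSON but not an array"
    if EXEC_NODE not in parsed:
        return False, f"{EXEC_NODE} missing from the list"
    return True, "Execute Command node is excluded"


def workflows_using_exec(workflows):
    """Names of workflows that contain an Execute Command node.

    Assumption: each workflow is a dict shaped like an n8n export,
    with a "nodes" list whose items carry a "type" field.
    """
    return [
        wf.get("name", "<unnamed>")
        for wf in workflows
        if any(n.get("type") == EXEC_NODE for n in wf.get("nodes", []))
    ]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [
        '["n8n-nodes-base.executeCommand"]',  # correctly quoted
        '[n8n-nodes-base.executeCommand]',    # inner quotes eaten by the shell
        '["n8n-nodes-base.httpRequest"]',     # parses, but wrong node
    ]
    for raw in samples:
        print(raw, "->", node_is_excluded(raw))
    constructed = [
        {"name": "backup", "nodes": [{"type": EXEC_NODE}]},
        {"name": "notify", "nodes": [{"type": "n8n-nodes-base.httpRequest"}]},
    ]
    print(workflows_using_exec(constructed))
```

Run the workflow scan before applying the exclusion to see which automations depend on the node, and run the value check against the environment the n8n process actually starts with.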
Source: This report was generated using AI