CVE-2025-62726 · HIGH 8.8 · EPSS p49.3%

Description

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.73% probability of exploitation · percentile 49.3% · 2026-06-18T12:00:27Z
Published: 2025-10-30
Last modified: 2025-12-31

Underlying weaknesses · 1

CWE-829

References

  1. https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997
  2. https://github.com/n8n-io/n8n/pull/19559
  3. https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47

Type | Target | Confidence | Tier
Weakness | Inclusion of Functionality from Untrusted Control Sphere (cwe-829) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-65964
  2. CVE-2026-21877
  3. CVE-2026-25053
  4. CVE-2026-27498
  5. CVE-2026-25055
  6. CVE-2026-25115

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.