Home > Vulnerability Database > CVE-2025-62726

Mend.io Vulnerability Database

CVE-2025-62726

Good to know:

Date: October 30, 2025

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.

Severity Score

8.8

Related Resources (6)

Url: https://github.com/n8n-io/n8n/commit/5bf3db5ba84d3195bbe11bbd3c62f7086e090997

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62726

Url: https://github.com/n8n-io/n8n/pull/19559

Url: https://github.com/n8n-io/n8n/security/advisories/GHSA-xgp7-7qjq-vg47

Url: https://github.com/n8n-io/n8n

Url: https://www.mend.io/vulnerability-database/CVE-2025-62726

Severity Score

8.8

Weakness Type (CWE)

Inclusion of Functionality from Untrusted Control Sphere

CWE-829

Top Fix

Upgrade Version

Upgrade to version n8n - 1.113.0;https://github.com/n8n-io/n8n.git - n8n@1.113.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62726

Good to know:

Date: October 30, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?