CVE-2026-21893 | n8n-io n8n up to 1.120.2 Community Package Installation os command injection (GHSA-7c4h-vh2m-743m)

Inserito da Angelo Barbosa | Feb 4, 2026 | CVE

A vulnerability marked as critical has been reported in n8n-io n8n up to 1.120.2. The affected element is an unknown function of the component Community Package Installation Handler. This manipulation causes os command injection.

This vulnerability appears as CVE-2026-21893. The attack may be initiated remotely. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-21893 | n8n-io n8n up to 1.120.2 Community Package Installation os command injection (GHSA-7c4h-vh2m-743m)

Post correlati

CVE-2025-49513 | Moodle Login Page credentials storage

CVE-2025-4849 | TOTOLINK N300RH 6.1c.1390_B20191101 /cgi-bin/cstecgi.cgi CloudACMunualUpdateUserdata url command injection

CVE-2024-8732 | Roles & Capabilities Plugin up to 1.1.9 on WordPress cross site scripting

CVE-2023-49133 | TP-Link AC1350/N300 enable_test_mode unknown vulnerability (TALOS-2023-1862)