Time-of-check Time-of-use (TOCTOU) Race Condition in n8n - #VU137169
Published: July 8, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to a time-of-check time-of-use race condition in the Git node clone operation when cloning a repository. A remote user can swap a directory for a symlink after path validation to execute arbitrary code.
Exploitation requires the ability to create and run workflows using the Git node, and the planted repository is loaded as a custom node on the next restart.