SCA: security update for n8n (GHSA-xgp7-7qjq-vg47)

high Tenable Cloud Security Plugin ID 435887

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution
vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n.
When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the
Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to
execute arbitrary code within the n8n environment, potentially compromising the system and any connected
credentials or workflows. This vulnerability is fixed in 1.113.0. (CVE-2025-62726)

See Also

https://github.com/advisories/GHSA-xgp7-7qjq-vg47

Plugin Details

Severity: High

ID: 435887

Version: Revision 1.11

Type: Local

Family: SCA Checks

Published: 10/30/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.87

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-62726

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/30/2025

Vulnerability Publication Date: 10/30/2025

Reference Information

CVE: CVE-2025-62726

cwe: CWE-829