The vulnerability CVE-2026-33724 affects n8n, an open-source workflow automation platform, specifically versions prior to 2.5.0 when the Source Control feature is enabled and configured to use SSH for git operations. In these versions, the SSH command explicitly disables host key verification, a critical security step that ensures the authenticity of the remote Git server. Without host key verification, a network attacker positioned between the n8n instance and the Git server can perform a man-in-the-middle (MITM) attack by presenting a fraudulent SSH host key. This enables the attacker to intercept or manipulate the git communication channel. Potential impacts include injecting malicious code or workflows into the repository, which could then be executed by the n8n platform, or exfiltrating sensitive repository data. The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key), highlighting the risk of unauthorized access due to improper validation of SSH keys. Exploitation does not require authentication or user interaction but does require the Source Control feature to be explicitly enabled and configured to use SSH, which is not the default setting. The issue was publicly disclosed on March 25, 2026, and fixed in n8n version 2.5.0. Until upgrading, recommended mitigations include disabling the Source Control feature if not needed and restricting network access to ensure communication with the Git server occurs only over trusted and controlled network paths. These mitigations reduce but do not eliminate the risk. No known exploits are reported in the wild as of the publication date. The CVSS v4.0 base score is 6.3, reflecting a medium severity with network attack vector, high attack complexity, and partial impact on confidentiality and integrity.

This vulnerability poses a significant risk to organizations using n8n with the Source Control feature enabled over SSH. Successful exploitation allows an attacker to perform man-in-the-middle attacks, potentially injecting malicious workflows that could execute arbitrary actions within the automation platform. This can lead to unauthorized data access, manipulation of automated processes, and potential lateral movement within the network. Confidentiality is impacted by possible interception of repository data, and integrity is compromised by unauthorized code injection. Availability is less directly affected but could be impacted if malicious workflows disrupt normal operations. Organizations relying on automated workflows for critical business processes or sensitive data handling are at higher risk. The attack requires network positioning capabilities, which may limit exposure to attackers with internal network access or those able to intercept traffic on public or poorly secured networks. However, the lack of authentication or user interaction requirements lowers the barrier for exploitation once the network position is achieved. Overall, the vulnerability could lead to significant operational disruption, data breaches, and erosion of trust in automated workflows if exploited.

1. Upgrade n8n to version 2.5.0 or later immediately, as this version includes the fix that enforces SSH host key verification for Source Control git operations. 2. If upgrading is not immediately feasible, disable the Source Control feature entirely if it is not actively required to eliminate the attack surface. 3. Restrict network access so that the n8n instance communicates with the Git server only over trusted, controlled network paths such as VPNs or private networks, minimizing the risk of man-in-the-middle attacks. 4. Implement network monitoring and intrusion detection systems to detect unusual SSH or git traffic patterns that may indicate interception attempts. 5. Regularly audit and verify the integrity of workflows and repository contents to detect unauthorized changes promptly. 6. Educate administrators about the risks of disabling SSH host key verification and encourage strict adherence to secure SSH practices in all automated processes. 7. Consider deploying SSH bastion hosts or jump servers that enforce strict host key verification policies as intermediaries for git operations. These steps collectively reduce the risk of exploitation and help maintain the integrity and confidentiality of automated workflows.