Tag
#Arbitrary Command Execution
Critical Vulnerability in n8n Execute Command Node Allows Arbitrary Command Execution
A critical vulnerability, CVE-2025-71380, with a CVSS score of 8.8, was discovered in the Execute Command node of n8n, a workflow automation tool. This vulnerability allows authenticated users to execute arbitrary commands on the host system, potentially leading to data exfiltration, service disruption, or complete system compromise. The vulnerability affects n8n versions up to 1.114.4 and has not been reported as actively exploited. Immediate patching or mitigation is recommended.
Critical Vulnerability in vscode-java Extension Allows Arbitrary Command Execution
A critical vulnerability, CVE-2026-12856, with a CVSS score of 8.8, was found in the vscode-java extension for Visual Studio Code. This flaw allows a malicious Java file to include hidden commands that can be executed when a user clicks a specially crafted link in a JavaDoc hover popup, potentially leading to full system compromise in trusted workspaces. The vulnerability is currently not actively exploited but requires immediate attention due to its high severity and potential impact. Affected products include Red Hat OpenShift Dev Spaces. Users are advised to apply patches or updates as soon as possible.