Critical RCE Vulnerability in n8n Workflow Automation Platform Disclosed (CVE-2026-25049)
A newly disclosed critical vulnerability, CVE-2026-25049, in the n8n workflow automation platform enables authenticated users to execute arbitrary system commands on the underlying server. With a CVSS score of 9.4, the flaw stems from insufficient input sanitization in n8n’s expression evaluation mechanism, allowing attackers to bypass security controls and achieve remote code execution (RCE).
The vulnerability was identified as a bypass of CVE-2025-68613, a prior critical flaw (CVSS 9.9) patched in December 2025. Despite earlier fixes, researchers discovered additional exploitation paths in n8n’s expression handling logic. According to n8n’s advisory, an authenticated user with workflow modification permissions could craft malicious expressions to escape the platform’s sandbox and execute commands on the host system.
Affected Versions & Mitigation
The flaw affects all n8n versions prior to 1.123.17 on the 1.x release line and prior to 2.5.2 on the 2.x line; upgrading to one of those releases is the fix, and users are urged to do so immediately. For organizations that cannot update right away, the advisory offers temporary workarounds: restrict workflow-modification permissions to trusted users (the attack requires an account that can edit workflows), and run n8n in a hardened environment with minimal OS privileges so that a sandbox escape lands in a constrained process rather than a privileged host. n8n maintains that these measures do not address the underlying flaw and should only be relied on short-term.
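The two practical steps above, version triage and a least-privilege deployment, as an added example (this is not n8n's code or a recipe from its advisory). It assumes the fixed versions split by release line as stated (1.x is fixed at 1.123.17, 2.x at 2.5.2), that `n8n --version` prints the installed version, and that the image name `docker.n8n.io/n8nio/n8n`, uid 1000 (the image's `node` user) and the data path `/home/node/.n8n` match the official container; the `docker run` flags are generic container hardening, not something the advisory prescribes.

```shell
#!/bin/sh
# Added example (not from n8n or its advisory): triage an n8n version against
# the fixed releases quoted in the text, and print a hardened `docker run` line
# for the "limited OS privileges" workaround. Assumptions: fixed versions are
# per release line (1.x -> 1.123.17, 2.x -> 2.5.2); image name, uid 1000 and
# the /home/node/.n8n data path follow common n8n Docker usage.

N8N_FIXED_1X="1.123.17"
N8N_FIXED_2X="2.5.2"

# version_lt A B: succeed when dotted version A sorts before B. A leading "v"
# and pre-release suffixes ("2.0.0-rc.1") are ignored; missing parts count as 0.
version_lt() {
  _a=${1#v}; _a=${_a%%-*}
  _b=${2#v}; _b=${_b%%-*}
  _ifs=$IFS; IFS=.
  set -- $_a; _a1=${1:-0}; _a2=${2:-0}; _a3=${3:-0}
  set -- $_b; _b1=${1:-0}; _b2=${2:-0}; _b3=${3:-0}
  IFS=$_ifs
  if [ "$_a1" -lt "$_b1" ]; then return 0; fi
  if [ "$_a1" -gt "$_b1" ]; then return 1; fi
  if [ "$_a2" -lt "$_b2" ]; then return 0; fi
  if [ "$_a2" -gt "$_b2" ]; then return 1; fi
  if [ "$_a3" -lt "$_b3" ]; then return 0; fi
  return 1
}

# n8n_affected VERSION: exit 0 when VERSION predates the fix on its release
# line, 1 when it is at or past the fix, 2 when the line is not covered here.
n8n_affected() {
  _v=${1#v}
  case $_v in
    0.*|1.*) version_lt "$_v" "$N8N_FIXED_1X" ;;
    2.*)     version_lt "$_v" "$N8N_FIXED_2X" ;;
    *)       return 2 ;;
  esac
}

# n8n_hardened_docker_cmd [IMAGE]: print a `docker run` line that runs n8n as an
# unprivileged user, with a read-only root filesystem, no Linux capabilities,
# no privilege escalation, resource limits, and the UI bound to localhost only.
# Generic container hardening (assumed to suit n8n); it is not a patch.
n8n_hardened_docker_cmd() {
  _image=${1:-docker.n8n.io/n8nio/n8n:2.5.2}
  printf '%s\n' "docker run -d --name n8n \
--user 1000:1000 \
--read-only --tmpfs /tmp:rw,noexec,nosuid \
--cap-drop=ALL --security-opt no-new-privileges:true \
--pids-limit 256 --memory 2g \
-v n8n_data:/home/node/.n8n \
-p 127.0.0.1:5678:5678 \
$_image"
}

# n8n_report VERSION: human-readable verdict plus the interim launch line.
n8n_report() {
  n8n_affected "$1" && _rc=0 || _rc=$?
  case $_rc in
    0) echo "n8n $1: AFFECTED by CVE-2026-25049; upgrade to $N8N_FIXED_1X or $N8N_FIXED_2X"
       echo "Interim (not a fix): $(n8n_hardened_docker_cmd)" ;;
    1) echo "n8n $1: at or past the fixed release for its line" ;;
    *) echo "n8n $1: release line not covered by this summary; check the advisory" ;;
  esac
}

# Usage: N8N_VERSION=1.123.16 sh n8n_triage.sh; without N8N_VERSION the script
# falls back to the installed CLI when `n8n` is on PATH (assumed to support
# --version), and otherwise only defines the functions above.
if [ -n "${N8N_VERSION:-}" ]; then
  n8n_report "$N8N_VERSION"
elif command -v n8n >/dev/null 2>&1; then
  n8n_report "$(n8n --version)"
fi
```

The read-only root filesystem and `--cap-drop=ALL` are the parts that actually limit what a post-exploitation command can do; verify once that the container still starts with your volume layout, since n8n needs write access to its data directory and `/tmp`.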
Technical Details & Impact
The CVSS 3.1 vector reported for the vulnerability is AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H: network-reachable, low attack complexity, low privileges required (an ordinary authenticated account), no user interaction, changed scope (the compromise escapes n8n into the host), and high impact on confidentiality, integrity, and availability. One caveat for anyone reusing the numbers: evaluated with the CVSS 3.1 formulas, that vector scores 9.9, the score assigned to the earlier CVE-2025-68613, so the 9.4 headline figure for CVE-2026-25049 presumably reflects a different scoring basis, which the source does not identify. A successful exploit could allow attackers to compromise servers, steal credentials, exfiltrate data, or install backdoors for persistent access.
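To check the scoring claim above rather than take it on trust, here is an added example (not from the advisory or n8n) that computes a CVSS v3.1 base score from a vector string using the formulas and roundup rule of the CVSS v3.1 specification; it needs only POSIX sh and awk. Run on the vector quoted above it prints 9.9.

```shell
#!/bin/sh
# Added example (not from the advisory): CVSS v3.1 base score from a vector
# string, per the v3.1 specification formulas. Requires POSIX sh and awk.

# cvss31_base VECTOR: print the base score (one decimal) for a v3.1 vector such
# as "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"; a leading "CVSS:3.1/" is ignored.
cvss31_base() {
  printf '%s\n' "$1" | awk -F/ '
    # Roundup as defined by the spec: to one decimal, always upwards, with the
    # integer trick that avoids floating-point surprises at exact tenths.
    function roundup(x,    n) {
      n = int(x * 100000 + 0.5)
      if (n % 10000 == 0) return n / 100000
      return (int(n / 10000) + 1) / 10
    }
    function cia(v) { return (v == "H") ? 0.56 : (v == "L") ? 0.22 : 0 }
    function min(x, y) { return (x < y) ? x : y }
    {
      for (k = 1; k <= NF; k++) { split($k, kv, ":"); m[kv[1]] = kv[2] }
      av = (m["AV"] == "N") ? 0.85 : (m["AV"] == "A") ? 0.62 : (m["AV"] == "L") ? 0.55 : 0.2
      ac = (m["AC"] == "L") ? 0.77 : 0.44
      changed = (m["S"] == "C")
      # Privileges Required weighs more when scope is changed, because the
      # compromise escapes the vulnerable component.
      if (m["PR"] == "N") { pr = 0.85 } else if (m["PR"] == "L") { pr = (changed ? 0.68 : 0.62) } else { pr = (changed ? 0.50 : 0.27) }
      ui = (m["UI"] == "N") ? 0.85 : 0.62
      iss = 1 - (1 - cia(m["C"])) * (1 - cia(m["I"])) * (1 - cia(m["A"]))
      if (changed) { impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ^ 15 } else { impact = 6.42 * iss }
      expl = 8.22 * av * ac * pr * ui
      if (impact <= 0) { score = 0 }
      else if (changed) { score = roundup(min(1.08 * (impact + expl), 10)) }
      else { score = roundup(min(impact + expl, 10)) }
      printf "%.1f\n", score
    }'
}

# Usage: CVSS_VECTOR='AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H' sh cvss31.sh
# The vector quoted for this CVE evaluates to 9.9, the same as CVE-2025-68613.
if [ -n "${CVSS_VECTOR:-}" ]; then
  cvss31_base "$CVSS_VECTOR"
fi
```

The scope-changed branch is what lifts this vector to 9.9: with S:U and everything else unchanged the same metrics would score 8.8, which is why a sandbox escape to the host is rated so much higher than code execution confined to the application.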
The discovery involved contributions from ten security researchers, including Fatih Çelik (who also reported CVE-2025-68613) and experts from Endor Labs, Pillar Security, and SecureLayer7. Çelik noted that the two CVEs could be considered the same issue, as CVE-2026-25049 merely bypasses the initial patch.
The advisory was published under GitHub Security Advisory GHSA-6cqr-8cfr-67f8, affecting the n8n npm package. No active exploitation has been reported, but the severity underscores the urgency of applying patches.
Source: https://thecyberexpress.com/critical-n8n-vulnerability-cve-2026-25049-rce/
n8n cybersecurity rating report: https://www.rankiteo.com/company/n8n
{
  "id": "N8N1770287879",
  "linkid": "n8n",
  "type": "Vulnerability",
  "date": "2/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}

{
  "affected_entities": [
    {"industry": "Workflow Automation", "name": "n8n", "type": "Software Platform"}
  ],
  "attack_vector": "Network",
  "data_breach": {
    "data_exfiltration": "Possible",
    "sensitivity_of_data": "High",
    "type_of_data_compromised": "Credentials, sensitive data"
  },
  "description": "A newly disclosed critical vulnerability, CVE-2026-25049, in the n8n workflow automation platform enables authenticated users to execute arbitrary system commands on the underlying server. The flaw stems from insufficient input sanitization in n8n’s expression evaluation mechanism, allowing attackers to bypass security controls and achieve remote code execution (RCE). The vulnerability was identified as a bypass of CVE-2025-68613, a prior critical flaw patched in December 2025.",
  "impact": {
    "data_compromised": "Credentials, sensitive data",
    "operational_impact": "Server compromise, backdoor installation, data exfiltration",
    "systems_affected": "n8n workflow automation platform (versions prior to 1.123.17 and 2.5.2)"
  },
  "post_incident_analysis": {
    "corrective_actions": "Release of patches in versions 1.123.17 and 2.5.2, public advisory, and temporary workarounds",
    "root_causes": "Insufficient input sanitization in n8n’s expression evaluation mechanism, bypassing prior patch for CVE-2025-68613"
  },
  "recommendations": "Upgrade to patched versions (1.123.17 or 2.5.2) immediately. Restrict workflow permissions to trusted users and deploy n8n in a hardened environment with limited OS privileges as a temporary workaround.",
  "references": [
    {"source": "GitHub Security Advisory", "url": "GHSA-6cqr-8cfr-67f8"}
  ],
  "response": {
    "communication_strategy": "Public advisory under GitHub Security Advisory GHSA-6cqr-8cfr-67f8",
    "containment_measures": "Upgrade to patched versions (1.123.17 or 2.5.2), restrict workflow permissions to trusted users, deploy n8n in a hardened environment with limited OS privileges",
    "remediation_measures": "Patches released in versions 1.123.17 and 2.5.2"
  },
  "title": "Critical RCE Vulnerability in n8n Workflow Automation Platform Disclosed (CVE-2026-25049)",
  "type": "Remote Code Execution (RCE)",
  "vulnerability_exploited": "CVE-2026-25049 (insufficient input sanitization in expression evaluation mechanism)"
}