Critical Vulnerability Discovered in n8n Automation Platform
A critical security vulnerability, identified as CVE-2026-25049, has been found in the n8n automation platform. The flaw allows for potential system command execution through maliciously crafted workflows. The vulnerability has been assigned a CVSS severity score of 9.4 out of 10, indicating a critical impact that requires immediate attention from users.
- The vulnerability is a bypass of a previous fix for a similar critical issue, CVE-2025-68613, that was addressed in December 2025. This new exploit uses different techniques to get around the initial safeguards, highlighting a persistent challenge in securing the platform's expression evaluation engine. - At its core, the flaw allows an authenticated user to escape a "sandbox" environment that is supposed to safely execute workflow expressions. By crafting a malicious expression, an attacker can break out of these restrictions and run commands directly on the server hosting the n8n instance. - The exploit leverages a technical flaw where the system's sanitization checks are bypassed through methods like JavaScript destructuring or type confusion, where the code's runtime behavior doesn't match what's expected. This allows an attacker to access powerful underlying Node.js functions to execute system commands. - The primary and most urgent recommendation from n8n and security researchers is to upgrade to a patched version. The specific fixed versions are 1.123.17 and 2.5.2. - Security firm Endor Labs, one of the discoverers of the vulnerability, recommends several additional security measures for n8n instances. These include implementing strong authentication like Multi-Factor Authentication (MFA), enforcing strict access controls with the principle of least privilege, and isolating the n8n instance from other critical systems using containers and network segmentation. - The risk is significantly amplified when a malicious workflow is connected to a public-facing webhook that requires no authentication. In this scenario, an external and unauthenticated attacker could trigger the workflow and execute commands, leading to a full server compromise. - An attacker successfully exploiting this vulnerability could gain complete control over the n8n server. This would allow them to steal sensitive credentials stored within n8n (like API keys and database passwords), access connected cloud accounts, and use the server as a pivot point to move laterally within a private network. - For those unable to immediately update their n8n instance, temporary mitigation strategies have been suggested. These include strictly limiting permissions for creating and editing workflows to only highly trusted users and hardening the server environment by restricting its operating system privileges and network access.
