Critical n8n flaws disclosed along with public exploits
Authenticated users who can create or edit n8n workflows can escape sandboxes to achieve remote code execution and full server takeover (CVE-2026-25049).
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Two eval injection vulnerabilities in n8n allow authenticated users to bypass sandboxes and achieve remote code execution, enabling full instance compromise.
