"N8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. According to the maintainers of the workflow automation platform, the vulnerability could be weaponized by an authenticated attacker to execute arbitrary code with the privileges of the n8n process."
"Successful exploitation of the flaw could result in a complete compromise of the instance, enabling the attacker to access sensitive data, modify workflows, or execute system-level operations. Data from the Shadowserver Foundation shows that there are more than 24,700 unpatched instances exposed online, with more than 12,300 of them located in North America and 7,800 in Europe as of early February 2026."
"The addition of CVE-2025-68613 comes as Pillar Security disclosed two critical flaws in n8n, one of which CVE-2026-27577 (CVSS score: 9.4) has been classified as 'additional exploits' discovered in the workflow expression evaluation system following CVE-2025-68613."
CISA has cataloged CVE-2025-68613, a critical vulnerability in n8n workflow automation platform with a 9.9 CVSS score, marking the first n8n flaw in the Known Exploited Vulnerabilities catalog. The expression injection vulnerability allows authenticated attackers to execute arbitrary code with n8n process privileges, potentially compromising entire instances and enabling access to sensitive data, workflow modification, and system-level operations. N8n patched the flaw in December 2025 across versions 1.120.4, 1.121.1, and 1.122.0. Over 24,700 unpatched instances remain exposed online, with 12,300 in North America and 7,800 in Europe. Federal agencies must patch by March 25, 2026, per binding directive requirements.
#n8n-vulnerability #remote-code-execution #expression-injection #cisa-kev-catalog #workflow-automation-security
Read at thehackernews.com
Unable to calculate read time
Collection
[
|
...
]