Information security
From TechRepublic, 1 week ago
New Phishing Attack Turns n8n Into On-Demand Malware Machine
Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.
The vulnerabilities, collectively tracked as CVE-2026-25049, stem from weaknesses in how n8n sanitizes expressions inside workflows and could enable authenticated users to smuggle malicious code past safeguards introduced to fix CVE-2025-68613, a December 2025 vulnerability that already carried a near-perfect severity score. The new flaws carry a CVSS rating of 9.4, though some researchers argue the real-world impact could be even worse.
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. Collectively tracked as CVE-2026-25049, the issues can be exploited by any authenticated user who can create or edit workflows on the platform to perform unrestricted remote code execution on the n8n server. Researchers at several cybersecurity companies reported the problems, which stem from n8n's sanitization mechanism and bypass the patch for CVE-2025-68613, another critical flaw addressed on December 20.
The vulnerability arises from a so-called "Content-Type Confusion" in n8n's webhook processing. Webhooks are the starting point for workflows and capture incoming data from forms, chat messages, and WhatsApp notifications. By manipulating the Content-Type header, an attacker can overwrite the req.body.files variable and thus read arbitrary files from the system. The researchers demonstrated how the vulnerability can escalate to Remote Code Execution.
For years, automation has promised to make our lives easier - and to some extent, it has. But in 2025, things feel different. Traditional automation resembles a giant "if-else" statement that struggles to adapt to diverse situations. Agentic AI changes that narrative by enabling workflows to adjust and optimize themselves for countless scenarios that were difficult for older automation tools. In October 2025, OpenAI launched its AgentKit tool for building AI agents, and let me tell you, it is glorious!