#workflow-automation-security

Information security
from thehackernews.com
1 week ago

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

CISA added a critical n8n vulnerability (CVE-2025-68613) with a 9.9 CVSS score to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw enables remote code execution through expression injection by authenticated users.
Information security
from The Hacker News
1 week ago

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical vulnerabilities in the n8n workflow automation platform enable arbitrary command execution through sandbox escape and unauthenticated expression evaluation, affecting both self-hosted and cloud deployments.
from The Register
1 month ago

n8n's latest critical flaws bypass December fix

The vulnerabilities, collectively tracked as CVE-2026-25049, stem from weaknesses in how n8n sanitizes expressions inside workflows and could enable authenticated users to smuggle malicious code past safeguards introduced to fix CVE-2025-68613, a December 2025 vulnerability that already carried a near-perfect severity score. The new flaws carry a CVSS rating of 9.4, though some researchers argue the real-world impact could be even worse.
Information security