CVE-2026-25049 n8n Vulnerability
A newly disclosed security vulnerability in the n8n workflow automation platform allows for arbitrary system command execution under certain conditions. The flaw is tracked as CVE-2026-25049 and carries a CVSS score of 9.4, reflecting its critical severity. If exploited successfully, the issue enables attackers to execute system-level commands on the server hosting n8n.
Table of Contents
Bypass of a Previously Patched Vulnerability
CVE-2026-25049 stems from insufficient sanitization that bypasses protections introduced to remediate CVE-2025-68613 (CVSS 9.9), a critical vulnerability patched in December 2025. Subsequent analysis has shown that the newer CVE is effectively a bypass of the original fix rather than a wholly distinct issue. Researchers have demonstrated that both flaws allow attackers to escape n8n’s expression sandbox and circumvent existing security checks. Following the earlier disclosure, additional weaknesses in expression evaluation were also identified and addressed.
Attack Prerequisites and Exploitation Mechanics
Any authenticated user with permission to create or modify workflows can exploit the vulnerability. By injecting crafted expressions into workflow parameters, it becomes possible to trigger unintended system command execution. A particularly dangerous scenario involves creating a workflow that exposes a publicly accessible webhook without authentication. By embedding a single line of JavaScript using destructuring syntax, attackers can cause the workflow to execute system commands. Once such a workflow is activated, any external party can trigger the webhook and execute commands remotely.
The severity escalates further when combined with n8n’s webhook functionality, which allows malicious workflows to be exposed publicly. In such cases, exploitation does not require elevated privileges beyond workflow creation, underscoring the risk summarized by researchers as: if workflow creation is permitted, full server compromise is achievable.
Root Cause: Type Enforcement Gaps and Runtime Abuse
The vulnerability arises from gaps in n8n’s sanitization mechanisms and a fundamental mismatch between TypeScript’s compile-time type system and JavaScript’s runtime behavior. While TypeScript enforces type constraints during compilation, it cannot guarantee these constraints for attacker-controlled values introduced at runtime. By supplying non-string values such as objects or arrays, attackers can bypass sanitization logic that assumes string-only input, effectively neutralizing critical security controls.
Potential Impact on Systems and Data
Successful exploitation may lead to full server compromise. Attackers could steal credentials, exfiltrate sensitive data, access the filesystem and internal services, pivot to connected cloud environments, and hijack artificial intelligence workflows. The ability to install persistent backdoors further increases the risk of long-term, covert access.
Affected Versions and Mitigation Guidance
The vulnerability affects n8n versions earlier than the patched releases and was discovered with contributions from ten independent security researchers. The following versions are impacted, along with recommended interim mitigations when immediate patching is not feasible:
Affected versions: n8n versions earlier than 1.123.17 and 2.5.2, where fixes have been released.
Recommended mitigations: restrict workflow creation and editing to fully trusted users, and deploy n8n in a hardened environment with constrained operating system privileges and limited network access.
This issue highlights the necessity of layered validation strategies. Compile-time guarantees must be complemented by strict runtime checks, particularly when handling untrusted input. Code reviews should focus on sanitization routines and avoid assumptions about input types that are not enforced at runtime.
Additional High-Severity n8n Vulnerabilities
Alongside CVE-2026-25049, n8n has published advisories for four additional security flaws, two of which are rated critical:
CVE-2026-25053 (CVSS 9.4): Operating system command injection in the Git node, allowing authenticated users with workflow permissions to execute commands or read arbitrary files; fixed in versions 2.5.0 and 1.123.10.
CVE-2026-25054 (CVSS 8.5): Stored cross-site scripting vulnerability in a markdown rendering component, enabling script execution with same-origin privileges and potential account takeover; fixed in versions 2.2.1 and 1.123.9.
CVE-2026-25055 (CVSS 7.1): Path traversal issue in the SSH node that can lead to file writes in unintended locations and possible remote code execution on target systems; fixed in versions 2.4.0 and 1.123.12.
CVE-2026-25056 (CVSS 9.4): Arbitrary file write vulnerability in the Merge node’s SQL Query mode, potentially resulting in remote code execution; fixed in versions 2.4.0 and 1.118.0.
Update Urgently to Reduce Risk
Given the breadth and severity of the identified vulnerabilities, updating n8n deployments to the latest available versions is strongly recommended. Prompt patching remains the most effective defense against exploitation and subsequent compromise.
