Critical n8n Vulnerabilities Exposed with Public Exploits

A set of severe security flaws in the widely used n8n workflow automation platform can be exploited to break out of its security environment and seize total control of the underlying server. Tracked as CVE-2026-25049, these vulnerabilities enable any user with permissions to create or edit workflows to execute arbitrary remote code on the n8n server, leading to a full system compromise.

Cybersecurity researchers from multiple firms identified the issues, which involve weaknesses in n8n’s sanitization process. These flaws effectively bypass the patch for a previous critical vulnerability, CVE-2025-68613, which was fixed in late December. Exploiting CVE-2026-25049 grants an attacker the ability to run any system command on the host, steal all stored credentials and API keys, access sensitive configuration files, and pivot to connected internal systems and cloud accounts. In a multi-tenant setup, this could even allow access to other tenants’ data. As one research team starkly put it, if you can create a workflow, you can own the server.

The core problem stems from incomplete AST-based sandboxing. n8n’s method for isolating user-written JavaScript expressions in workflows was found to be insufficient. Researchers demonstrated a chained bypass to the n8n team in late December, showing how to escape the sandbox and access the Node.js global object for remote code execution. While a fix was quickly implemented, further analysis revealed it was incomplete, leaving a second escape route open via a different mechanism using equivalent operations. The platform’s developers confirmed the bypass, ultimately releasing patched versions 2.4.0 and later 1.123.17 and 2.5.2 to fully address the problem.

Separate research highlighted a type-confusion vulnerability in the sanitization function. In affected versions, the function incorrectly assumed that keys in property accesses within attacker-controlled code were always strings. While this rule was defined in TypeScript typings, it was not enforced during runtime. This discrepancy allowed attackers to entirely bypass sanitization controls, opening the door to arbitrary code execution. Another team provided technical details on achieving server-side JavaScript execution using the Function constructor, noting it took over 150 attempts to refine a successful exploit after analyzing the earlier vulnerability and its patch.

Immediate action is required for all n8n users. The primary and essential step is to update the platform to the latest secure versions, which are currently 1.123.17 and 2.5.2. Security experts also strongly advise rotating the ‘N8NENCRYPTIONKEY’ and all credentials stored on the server, and reviewing existing workflows for any suspicious expressions. If an immediate update is not feasible, administrators should implement temporary workarounds: strictly limit workflow creation and editing permissions to only fully trusted users, and deploy n8n in a hardened environment with restricted OS privileges and network access to limit potential damage.

While there are no confirmed exploitations of CVE-2026-25049 in the wild yet, the platform’s increasing popularity has drawn malicious attention. Recent scanning activity targeting exposed n8n endpoints related to a separate flaw, known as Ni8mare (CVE-2026-21858), suggests growing interest. Security monitors have logged tens of thousands of probing requests, with some scans specifically looking for the /proc filesystem, a clear indicator of post-exploitation reconnaissance. This activity underscores the critical importance of applying these security patches without delay to protect automated workflows and sensitive data.

(Source: Bleeping Computer)