n8n has released urgent security updates to address a critical vulnerability that exposes host systems to Remote Code Execution (RCE).
Tracked as CVE-2026-25049, this flaw allows authenticated attackers to escape the expression evaluation sandbox and execute arbitrary system commands, potentially leading to a complete compromise of the underlying infrastructure.
This disclosure comes shortly after the remediation of a similar issue (CVE-2025-68613), indicating that researchers have identified additional vectors for bypassing the initial protections in the expression engine.
Vulnerability Details and Impact
The vulnerability resides in how n8n processes data expressions within workflow parameters.
Specifically, the mechanism fails to properly sanitize or escape input, allowing an attacker to inject malicious code that the server executes as a system command.
Critically, while this vulnerability requires authentication, the privilege barrier is low. Any user with permissions to create or modify workflows a common role in development and operations teams can exploit this flaw.
By crafting a specific expression payload, an attacker can break out of the n8n application context and interact directly with the host operating system.
Given n8n’s role as an orchestration layer connecting various APIs, databases, and third-party services, a successful RCE here often grants attackers access to sensitive credentials, API keys, and internal network resources.
| Feature | Details |
|---|---|
| CVE ID | CVE-2026-25049 |
| Severity | Critical (CVSS 4.0 Score: High/Critical) |
| Affected Versions | versions < 1.123.17 and < 2.5.2 |
| Patched Versions | 1.123.17, 2.5.2 |
| CVSS v4 Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| Attack Vector | Network |
| Privileges Required | Low (Authenticated user) |
It is notable that n8n has adopted CVSS 4.0 as its primary scoring standard for this advisory.
The vulnerability holds a High impact rating across Confidentiality, Integrity, and Availability for both the vulnerable system and subsequent systems (SC:H/SI:H/SA:H).
This reflects the reality that compromising an automation server often leads to lateral movement into connected environments.
The development team has released patched versions 1.123.17 and 2.5.2. Administrators are strongly advised to upgrade immediately.
If an immediate upgrade is not feasible due to operational constraints, the following temporary mitigations are recommended:
- Restrict Access: Limit workflow creation and editing permissions strictly to fully trusted personnel.
- Environment Hardening: Ensure the n8n instance runs with minimal OS privileges and restricted network egress rules to limit the blast radius of a potential compromise.
This vulnerability was reported by a coalition of security researchers, including fatihhcelik, eilonc-pillar, cristianstaicu, sandeepl337, and others, highlighting the active scrutiny the platform is currently undergoing by the security community.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google