Critical n8n Vulnerability (CVE-2026-25049) Allows System Command Execution via Malicious Workflows
A significant security vulnerability has been identified in the n8n workflow automation platform, potentially enabling authenticated users to execute arbitrary system commands on the host server. This flaw, designated as CVE-2026-25049 with a CVSS score of 9.4, arises from insufficient input sanitization, allowing attackers to bypass existing security measures.
Background on n8n:
n8n is an open-source workflow automation tool that facilitates the integration of various applications and services, streamlining complex processes. Its flexibility and user-friendly interface have made it a popular choice among developers and organizations seeking efficient automation solutions.
Details of the Vulnerability:
The core issue lies in the platform’s expression evaluation mechanism. Authenticated users with permissions to create or modify workflows can craft specific expressions within workflow parameters, leading to unintended system command execution on the server hosting n8n. This vulnerability affects versions prior to 1.123.17 and 2.5.2.
Discovery and Reporting:
The vulnerability was brought to light by a collaborative effort involving ten security researchers, including Fatih Çelik, who had previously reported a related flaw (CVE-2025-68613) in December 2025. Other notable contributors include Cris Staicu from Endor Labs, Eilon Cohen from Pillar Security, and Sandeep Kamble from SecureLayer7.
Technical Insights:
In a detailed analysis, Çelik highlighted that CVE-2026-25049 can be viewed as a bypass of the earlier CVE-2025-68613 fix. Both vulnerabilities exploit weaknesses in n8n’s expression sandbox mechanism, allowing attackers to circumvent security checks. SecureLayer7 demonstrated that by creating a workflow with a publicly accessible webhook and inserting a single line of JavaScript using destructuring syntax, an attacker can execute system-level commands remotely.
Potential Impact:
Exploiting this vulnerability could lead to severe consequences, including:
– Server Compromise: Attackers can gain control over the server hosting n8n.
– Data Theft: Unauthorized access to sensitive information such as API keys, cloud provider credentials, database passwords, and OAuth tokens.
– Persistent Backdoors: Installation of backdoors for prolonged unauthorized access.
– Lateral Movement: Potential to pivot to connected cloud accounts and hijack AI workflows.
Recommendations and Mitigation:
To address this critical vulnerability, users are strongly advised to:
1. Update n8n: Upgrade to versions 1.123.17 or 2.5.2, where the issue has been patched.
2. Restrict Workflow Permissions: Limit the ability to create or modify workflows to trusted users only.
3. Disable Public Webhooks: Avoid exposing webhooks to the public internet to reduce the attack surface.
4. Monitor System Activity: Regularly review logs and system activities for any signs of unauthorized access or anomalies.
Conclusion:
The discovery of CVE-2026-25049 underscores the importance of continuous vigilance and prompt action in the realm of cybersecurity. Organizations utilizing n8n must prioritize updating their systems and implementing robust security practices to safeguard against potential exploits.
