A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands.
The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that was patched by n8n in December 2025.
“Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613,” n8n’s maintainers said in an advisory released Wednesday.
“An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.”
The issue affects the following versions –
<1.123.17 (Fixed in 1.123.17)
<2.5.2 (Fixed in 2.5.2)
As many as 10 security researchers, including Fatih Çelik, who reported the original bug CVE-2025-68613, as well as Endor Labs’ Cris Staicu, Pillar Security’s Eilon Cohen, and SecureLayer7’s Sandeep Kamble, have been acknowledged for discovering the shortcoming.
“An attacker creates a workflow with a publicly accessible webhook that has no authentication enabled,” SecureLayer7 said. “By adding a single line of JavaScript using destructuring syntax, the workflow can be abused to execute system-level commands. Once exposed, anyone on the internet can trigger the webhook and run commands remotely.”
Successful exploitation of the vulnerability could allow an attacker to compromise the server, steal credentials, and exfiltrate sensitive data, not to mention open up opportunities for threat actors to install persistent backdoors to facilitate long-term access.
The cybersecurity company also noted that the severity of the flaw significantly increases when it’s paired with n8n’s webhook feature, permitting an adversary to create a workflow using a public webhook and add a remote code execution payload to a node in the workflow, causing the webhook to be publicly accessible once the workflow is activated.
Pillar’s report has described the issue as permitting an attacker to steal API keys, cloud provider keys, database passwords, OAuth tokens, and access the filesystem and internal systems, pivot to connected cloud accounts, and hijack artificial intelligence (AI) workflows.
“The attack requires nothing special. If you can create a workflow, you can own the server,” Cohen said.
Endor Labs, which also shared details of the vulnerability, said the problem arises from gaps in n8n’s sanitization mechanisms that allow for bypassing security controls.
“The vulnerability arises from a mismatch between TypeScript’s compile-time type system and JavaScript’s runtime behavior,” Staicu explained. “While TypeScript enforces that a property should be a string at compile time, this enforcement is limited to values that are present in the code during compilation.”
“TypeScript cannot enforce these type checks on runtime attacker-produced values. When attackers craft malicious expressions at runtime, they can pass non-string values (such as objects, arrays, or symbols) that bypass the sanitization check entirely.”
If immediate patching is not an option, users are advised to follow the workarounds below to minimize the impact of potential exploitation –
Restrict workflow creation and editing permissions to fully trusted users only
Deploy n8n in a hardened environment with restricted operating system privileges and network access
“This vulnerability demonstrates why multiple layers of validation are crucial. Even if one layer (TypeScript types) appears strong, additional runtime checks are necessary when processing untrusted input,” Endor Labs said. “Pay special attention to sanitization functions during code review, looking for assumptions about input types that aren’t enforced at runtime.”
📰 Original Source:TheHackerNews ✍️ Author: info@thehackernews.com (The Hacker News)
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Leave a Reply