CVE-2026-25049
Published 2026-02-04
Priority: P2 · Severity: critical · CVSS 3.1 base score: 9.9
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.20% (percentile 64.2)
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n8n-io | n8n | < 1.123.17 | 1.123.17 |
| n8n-io | n8n | < 2.5.2 | 2.5.2 |
| n8n | n8n | < 1.123.17 | 1.123.17 |
| n8n | n8n | >= 0 < 1.123.17 | 1.123.17 |
| n8n | n8n | >= 2.0.0 < 2.5.2 | 2.5.2 |
| n8n | n8n | >= 2.0.0 < 2.5.2 | 2.5.2 |
Detection & IOCs (extracted from sources)
- Monitor n8n workflow creation/modification events by authenticated users for expressions containing type-confusion patterns, specifically non-string keys in property accesses, which bypass sanitization controls.
- Review stored n8n workflows for suspicious expressions that attempt to access the filesystem, execute system commands, or exfiltrate credentials, API keys or OAuth tokens.
- Monitor for scanning/probing activity targeting exposed n8n endpoints, particularly requests referencing /proc filesystem paths, which indicate post-exploitation interest.
- Alert on GreyNoise-flagged probing of n8n endpoints: at least 33,000 requests were logged between January 27 and February 3 targeting exposed n8n instances.
- Patched versions are 1.123.17 and 2.5.2; all prior versions of both branches are vulnerable to this sandbox escape RCE.
- The vulnerability requires only authenticated access with workflow create/edit permissions (no elevated privileges needed), making the attack surface broad in multi-tenant deployments.
- Public PoC exploits exist from both Endor Labs and SecureLayer7, significantly lowering the bar for exploitation.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| nvd | 4.0 | 9.4 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| ghsa | (not stated) | 8.8 | HIGH | (not stated) |
| osv | (not stated) | 8.8 | HIGH | (not stated) |
OSV
n8n Has Expression Escape Vulnerability Leading to RCE
osv · 2026-02-04 · CVSS 8.8 · HIGH
### Impact
Additional exploits in the expression evaluation of n8n have been identified and patched following [CVE-2025-68613](https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp).
An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.
### Patches
The issue has been fixed in n8n versions 1.123.17 and 2.5.2. Users should upgrade to these versions or later to remediate the vulnerability.
### Workarounds
If upgrading is not immediately possible, administrators should consider the following temporary mitigations:
- Limit workflow creation and editing permissions to fully trust
GHSA
n8n Has Expression Escape Vulnerability Leading to RCE
ghsa · 2026-02-04 · CVSS 8.8 · HIGH · CWE-913
(The GHSA advisory text is identical to the OSV entry above.)
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Critical n8n flaws disclosed along with public exploits
blogs_bleepingcomputer · 2026-02-04 · CVSS 9.9 · CRITICAL
By Bill Toulas
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server.
Collectively tracked as CVE-2026-25049, the issues can be exploited by any authenticated user who can create or edit workflows on the platform to perform unrestricted remote code execution on the n8n server.
Researchers at several cybersecurity companies reported the problems, which stem from n8n's sanitization mechanism and bypass the patch for CVE-2025-68613, another critical flaw addressed on December 20.
According to Pillar Security, exploiting CVE-2026-25049 enables complete compromise of the n8n instance and could be le
Wiz
CVE-2026-25049 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.4 · CRITICAL
CVE-2026-25049: NixOS vulnerability analysis and mitigation
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.
Source: NVD
| Field | Value |
|---|---|
| Score | 9.4 |
| Published | February 4, 2026 |
| Severity | CRITICAL |
| CNA Score | 9.4 |
| Affected Technologies | NixOS, n8n |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 11.7 |
| Exploitation Probability (EPSS) | N/A |
| Affected packages and libraries | n8n |
| Sources | NVD |
| npm Severity | CRITICAL (H) |
| Published | 2026-02-04 |