The threat landscape involving n8n, a popular workflow automation platform, has recently been impacted by two critical vulnerabilities: CVE-2025-68613 and its subsequent bypass, CVE-2026-25049. These vulnerabilities allow for Remote Code Execution (RCE) and can lead to full server compromise.
Vulnerability Overview
| CVE ID | Severity (CVSS) | Vulnerability Type | Requirement | Status |
|---|---|---|---|---|
| CVE-2025-68613 | 9.9 (Critical) | Expression Evaluation RCE | Authenticated (Workflow-edit) | Patched |
| CVE-2026-25049 | 9.4 (Critical) | Mitigation Bypass RCE | Authenticated / Unauthenticated* | Patched |
*Note: CVE-2026-25049 can be triggered without authentication if a public webhook is configured with "none" authentication.
Detailed Threat Analysis
1. CVE-2025-68613: Authenticated Expression Evaluator RCE
This vulnerability stems from insufficient isolation within the n8n workflow expression evaluator. An authenticated user with privileges to create or edit workflows can inject malicious JavaScript expressions. When these expressions are evaluated by the n8n process, they execute arbitrary code with the same privileges as the n8n service.
- Impact: Attackers can steal API keys, credentials, and sensitive data stored within the platform, or use the compromised instance as a pivot point for lateral movement within the internal network.
- Affected Versions: >= 0.211.0 and < 1.120.4.
- Patched Versions: 1.120.4, 1.121.1, and 1.122.0.
2. CVE-2026-25049: The Mitigation Bypass
This critical flaw (reported February 5, 2026) represents a novel bypass of the security controls implemented to fix CVE-2025-68613. It leverages JavaScript destructuring and arrow functions to sidestep five layers of protection, including regex-based blocklists and Abstract Syntax Tree (AST) checks.
- Technical Detail: By using destructuring, an attacker can produce ObjectPattern AST nodes that the existing sanitizers failed to inspect. This allows the attacker to gain access to the Function constructor, enabling the execution of arbitrary system commands.
- Critical Risk: If a workflow uses a public webhook set to "None" for authentication, an external, unauthenticated attacker can trigger the malicious expression, leading to immediate RCE.
- Affected Versions: All versions prior to 1.123.17 and 2.5.2.
- Patched Versions: 1.123.17 and 2.5.2+.
MITRE ATT&CK TTP Mapping
| ID | Technique | Context |
|---|---|---|
| T1190 | Exploit Public-Facing Application | Exploiting unauthenticated webhooks in CVE-2026-25049. |
| T1059.007 | Command and Scripting Interpreter: JavaScript | Malicious expressions evaluated within the n8n environment. |
| T1078 | Valid Accounts | Requirement of workflow-edit permissions for CVE-2025-68613. |
| T1203 | Exploitation for Client Execution | Exploiting the software's expression evaluator. |
| T1565 | Data Manipulation | Tampering with automated workflows to redirect data or processes. |
Targeted Landscape & Exposure
Intelligence records indicate a significant attack surface:
- Deployment Count: Approximately 103,476 internet-reachable n8n instances were identified as potentially vulnerable during the CVE-2025-68613 disclosure.
- Sectors: Organizations relying on automation for DevOps, Customer Support, and FinTech are at high risk due to the sensitive nature of the API keys (AWS, Slack, GitHub, etc.) typically stored in n8n credentials.
Recommended Actions
- Immediate Patching: Upgrade all n8n instances to version 1.123.17 or 2.5.2+ immediately to address the latest bypass (CVE-2026-25049).
- Audit Webhooks: Review all workflows utilizing the "Webhook" node. Ensure that those exposed to the public internet use "Header Auth," "Basic Auth," or "JWT Auth" rather than "None."
- Least Privilege: Ensure the n8n process is running with minimal OS-level privileges (e.g., a dedicated non-root user) and is restricted by network segmentation to prevent lateral movement.
- Access Control: Restrict workflow creation and editing permissions to a strictly verified set of trusted users.
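The "Immediate Patching" and "Audit Webhooks" actions above can be checked mechanically. The following is an added example, not n8n's own tooling: it reads an exported workflow JSON, flags Webhook nodes whose authentication is "none" or unset, and compares a running version against the patched releases named in this advisory. It assumes the export layout (a "nodes" array with "type" and "parameters"), that n8n omits the "authentication" parameter when left at its default of "none", and that every 1.x release from 1.123.17 upward and every 2.x release from 2.5.2 upward is fixed; the sample workflow is constructed.

```python
import json

# Patched releases named in this advisory for CVE-2026-25049. Assumption: the
# 1.x line is fixed from 1.123.17 upward and the 2.x line from 2.5.2 upward.
PATCHED_FLOORS = {1: (1, 123, 17), 2: (2, 5, 2)}
WEBHOOK_TYPE = "n8n-nodes-base.webhook"


def parse_version(text):
    """Turn '1.123.17' into (1, 123, 17); a pre-release suffix such as '-rc.1' is dropped."""
    core = text.split("-")[0]
    return tuple(int(part) for part in core.split("."))


def is_patched(version):
    """True if the n8n version is at or above the fixed release for its major line."""
    v = parse_version(version)
    floor = PATCHED_FLOORS.get(v[0])
    if floor is None:
        # 0.x has no fixed release; major lines newer than 2.x are assumed fixed.
        return v[0] > max(PATCHED_FLOORS)
    return v >= floor


def unauthenticated_webhooks(workflow):
    """Return (node name, path) for Webhook nodes reachable without authentication."""
    findings = []
    for node in workflow.get("nodes", []):
        if node.get("type") != WEBHOOK_TYPE:
            continue
        params = node.get("parameters", {})
        # Assumption: a missing "authentication" key means the default, "none".
        if params.get("authentication", "none") == "none":
            findings.append((node["name"], params.get("path", "")))
    return findings


# Constructed sample export: one open webhook, one protected by header auth.
SAMPLE_WORKFLOW = json.loads("""{
  "name": "Deploy hook",
  "nodes": [
    {"name": "Public Hook", "type": "n8n-nodes-base.webhook",
     "parameters": {"path": "deploy", "httpMethod": "POST"}},
    {"name": "Internal Hook", "type": "n8n-nodes-base.webhook",
     "parameters": {"path": "ops", "authentication": "headerAuth"}},
    {"name": "Set", "type": "n8n-nodes-base.set", "parameters": {}}
  ]
}""")

if __name__ == "__main__":
    for name, path in unauthenticated_webhooks(SAMPLE_WORKFLOW):
        print(f"webhook '{name}' at /webhook/{path} accepts unauthenticated calls")
    print("1.123.16 patched:", is_patched("1.123.16"))
```

Point `unauthenticated_webhooks` at each exported workflow in turn; any node it reports on a publicly reachable instance should be switched to Header, Basic or JWT auth or taken offline until the instance is upgraded.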