CVE-2026-25049

Published Feb 4, 2026

Last updated 2 months ago

CVSS critical 9.4
API

Overview

Description
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.
Source
security-advisories@github.com
NVD status
Analyzed
Products
n8n

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-913

Social media

Hype score
Not currently trending

  1. n8n Vulnerability Analysis: CVE-2025-68613, CVE-2026-21858, CVE-2026-25049 https://t.co/OkUxRBFKB6 #cyber #threathunting #infosec

    @blueteamsec1

    13 Mar 2026

    917 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. #exploit 1⃣. CVE-2025-11730: RCE via DDNS configuration in ZYXEL ATP/USG Series https://t.co/3wpBRrMZZh ]-> PoC https://t.co/G6WSyJ6N6q 2⃣. A Deep Dive into CVE-2026-25049: n8n RCE https://t.co/BcChJcETOg 3⃣. The RCE that AMD won’t fix https://t.co/Am5eZH9KGG 4⃣

    @ksg93rd

    8 Feb 2026

    869 Impressions

    3 Retweets

    20 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  3. Critical n8n Vulnerabilities: CVE-2025-68613 and CVE-2026-25049 Analysis https://t.co/dnlA8vkg4J #CyberSecurity #Vulnerability

    @LandscapeThreat

    5 Feb 2026

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. n8n’s CVE-2026-25049 lets an authenticated user craft workflow expressions that break the sandbox and run arbitrary OS commands - a critical 9.4 RCE that bypasses the prior CVE-2025-68613 fix. Upgrade to 1.123.17/2.5.2 or isolate the service now. https://t.co/gIJiGLFkC4 #infose

    @CyberDaily_News

    5 Feb 2026

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Faille critique dans n8n CVE-2026-25049 : vulnérabilité critique contournant un précédent correctif (CVE-2025-68613). Exécution de code possible via workflow ou webhook public. Si vous utilisez n8n, mettez à jour immédiatement. https://t.co/5kCmR1zRB4 #security #cve #n

    @foudreclair

    5 Feb 2026

    62 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 📌 أعلنت عن ثغرة حاسمة جديدة في منصة n8n لأتمتة التدفقات، CVE-2026-25049، قد تتيح تنفيذ أوامر نظامية عبر مسارات عمل ضارة. بقيمة CVSS 9.4، تعود إلى فشل في تنقية المدخلا

    @Cybercachear

    5 Feb 2026

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. I recently discovered two new RCE vulnerabilities in n8n. One is a bypass for my previous finding (CVE-2025-68613), and the other is a fresh Command Injection in the Git Node. 1. The Sandbox Escape (CVE-2026-25049) I managed to bypass the fix for my original report

    @fatihclk01

    4 Feb 2026

    13911 Impressions

    30 Retweets

    166 Likes

    65 Bookmarks

    7 Replies

    3 Quotes

Configurations

Related CVEs

  1. n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow. Exploitation requires a specific workflow configuration. The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook). The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable, and/or avoid passing unvalidated external user input into LDAP node search parameters via expressions. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.CVE-2026-33751
  2. n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The `/rest/binary-data` endpoint served such responses inline on the n8n origin without `Content-Disposition` or `Content-Security-Policy` headers, allowing the HTML to render in the browser with full same-origin JavaScript access. By sending the resulting URL to a higher-privileged user, an attacker could execute JavaScript in the victim's authenticated session, enabling exfiltration of workflows and credentials, modification of workflows, or privilege escalation to admin. The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only, and/or restrict network access to the n8n instance to prevent untrusted users from accessing binary data URLs. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.CVE-2026-33749
  3. n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key, potentially injecting malicious content into workflows or intercepting repository data. This issue only affects instances where the Source Control feature has been explicitly enabled and configured to use SSH (non-default). The issue has been fixed in n8n version 2.5.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Disable the Source Control feature if it is not actively required, and/or restrict network access to ensure the n8n instance communicates with the Git server only over trusted, controlled network paths. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.CVE-2026-33724
  4. n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the `externalSecret:list` permission check and allowed access to secrets stored in connected vaults without admin or owner privileges. This issue requires the instance to have an external secrets vault configured. The attacker must know or be able to guess the name of a target secret. The issue has been fixed in n8n versions 1.123.23 and 2.6.4. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Restrict n8n access to fully trusted users only, and/or disable external secrets integration until the patch can be applied. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.CVE-2026-33722
  5. n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an OAuth flow against a credential object the attacker controls, causing the victim's OAuth tokens to be stored in the attacker's credential. The attacker can then use those tokens to execute workflows in their name. This issue only affects instances where `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true` is explicitly configured (non-default). The issue has been fixed in n8n version 2.8.0. Users should upgrade to this version or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Avoid enabling `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true` unless strictly required, and/ or restrict access to the n8n instance to fully trusted users only. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.CVE-2026-33720

References

Sources include official advisories and independent security research.