Perceptive Security
SOC/SIEM Consultancy

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
Published:
5 February 2026 at 06:16:00
Alert date:
5 February 2026 at 07:00:41
Source:
thehackernews.com
Enterprise Applications, Zero-Day Vulnerabilities
A critical security vulnerability, CVE-2026-25049 (CVSS score 9.4), has been discovered in the n8n workflow automation platform. The flaw allows execution of arbitrary system commands through malicious workflows. It bypasses the safeguards that were implemented to address a previous critical issue, CVE-2025-68613 (CVSS 9.9). The vulnerability stems from inadequate sanitization of user input in the workflow processing system.
Technical details
The vulnerability arises from inadequate input sanitization, which allows the safeguards put in place for CVE-2025-68613 to be bypassed. It exploits gaps in n8n's expression evaluation, where crafted expressions in workflow parameters can trigger system command execution. The root cause is a mismatch between TypeScript's compile-time type system and JavaScript's runtime behavior: the sanitization checks assume string input, so attackers can pass non-string values (objects, arrays, symbols) that are never inspected. Attackers can create workflows with publicly accessible webhooks and add JavaScript using destructuring syntax to execute system-level commands remotely.
Mitigation steps:
Update to n8n version 1.123.17 or later for the 1.x branch
Update to n8n version 2.5.2 or later for the 2.x branch
Restrict workflow creation and editing permissions to fully trusted users only
Deploy n8n in a hardened environment with restricted operating system privileges and network access
Implement multiple layers of validation with runtime checks when processing untrusted input
Review sanitization functions during code review for assumptions about input types
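The type mismatch described under Technical details, and the last two mitigation steps (runtime checks and reviewing sanitizers for input-type assumptions), are illustrated by the following added example. It is not n8n's code and does not reproduce the actual flaw: weakSanitize, strictSanitize, the blocklist pattern and the sample inputs are all constructed here to show the generic pattern of a string-only check that a TypeScript annotation cannot enforce at runtime.

```javascript
// Added example (not n8n's code): a sanitizer that trusts a TypeScript
// string annotation, and a hardened version that re-checks the type at
// runtime. All names and the blocklist are illustrative.

// Stand-in for whatever tokens a real expression sanitizer refuses.
const BLOCKED_PATTERN = /\b(?:require|process)\b/;

// Vulnerable pattern. In TypeScript this would be declared as
// `function weakSanitize(expr: string)`, so only the string case was
// ever considered. The annotation is erased at compile time, so at
// runtime an object, array or symbol reaches this code unchanged.
function weakSanitize(expr) {
  if (typeof expr === 'string' && BLOCKED_PATTERN.test(expr)) {
    throw new Error('blocked expression');
  }
  return expr; // non-strings fall through without inspection
}

// Hardened pattern: validate the type at runtime, accept only primitive
// strings (rejects objects, arrays, String wrappers, symbols), and only
// then apply the content check.
function strictSanitize(expr) {
  if (typeof expr !== 'string') {
    throw new TypeError(`expected a string, got ${typeof expr}`);
  }
  if (BLOCKED_PATTERN.test(expr)) {
    throw new Error('blocked expression');
  }
  return expr;
}

// True if the sanitizer lets the value through, false if it throws.
function passesSanitizer(expr, sanitize) {
  try {
    sanitize(expr);
    return true;
  } catch (err) {
    return false;
  }
}

// Simulates the downstream consumer: after sanitization the value is
// interpolated into a template, which coerces it with toString(). Only a
// value the sanitizer actually inspected should ever reach this point.
function renderExpression(expr, sanitize) {
  const checked = sanitize(expr);
  return `{{ ${checked} }}`;
}

// Returns the rendered text, or 'rejected: <reason>' if any stage threw.
function outcome(expr, sanitize) {
  try {
    return renderExpression(expr, sanitize);
  } catch (err) {
    return `rejected: ${err.message}`;
  }
}

// Constructed sample inputs for a self-check.
const SAMPLES = {
  plainString: 'name.toUpperCase()',
  blockedString: 'process.env',
  // Objects whose toString() only yields the blocked text after the check.
  coercingObject: { toString: () => 'process.env' },
  arrayInput: ['process', 'env'], // String(['process','env']) === 'process,env'
  symbolInput: Symbol('x'),
};

function runDemo() {
  const results = {};
  for (const [name, value] of Object.entries(SAMPLES)) {
    results[name] = {
      weak: outcome(value, weakSanitize),
      strict: outcome(value, strictSanitize),
    };
  }
  return results;
}

console.log(runDemo());
```

The weak sanitizer never throws for the object or array inputs; the blocked text only appears once the template coerces them, after the check has already passed. The strict version rejects every non-string before any content check runs, which is the runtime layer the mitigation list asks for.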
Affected products:
n8n workflow automation platform versions <1.123.17
n8n workflow automation platform versions <2.5.2
Related links:
https://thehackernews.com/2025/12/critical-n8n-flaw-cvss-99-enables.html
https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8
https://blog.securelayer7.net/cve-2026-25049/
https://www.pillar.security/blog/n8n-sandbox-escape-critical-vulnerabilities-in-n8n-exposes-hundreds-of-thousands-of-enterprise-ai-systems-to-complete-takeover
https://www.endorlabs.com/learn/cve-2026-25049-n8n-rce
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
