- New flaw in n8n (CVE-2026-25049) allows unauthorized users to run arbitrary commands on servers
- Vulnerability risks theft of secrets (API keys, OAuth tokens) and cross-tenant data exposure
- Patch released in v2.4.0; the PoC is already public, making immediate updates critical even though workarounds exist
A critical vulnerability has been found in n8n that allows threat actors to execute arbitrary commands on the underlying computers.
In the second half of December 2025, n8n's developers released a patch for CVE-2025-68613, a critical Remote Code Execution (RCE) vulnerability in the workflow expression evaluation system. Security researchers now say the patch was inadequate and left exploitable holes.
These holes lead to the same result – escaping the workflow automation platform and taking over the underlying server.
Proof of Concept published
This new bug is now tracked as CVE-2026-25049. Apparently, any unauthorized user who can create or edit workflows on the platform can also perform RCE on the n8n server. Some researchers say the flaw can be used to steal any secrets stored on the server, such as API keys or OAuth tokens. In addition, sensitive configuration files are also at risk.
To make matters worse, it is possible for threat actors to pivot from one tenant to another and steal data from multiple organizations sharing the same environment.
“The attack doesn’t require anything special. If you can create a workflow, you can own the server,” Pillar Security said in a report.
On December 30, n8n developers acknowledged the flaw and released version 2.4.0 two weeks later. If you are actively using n8n, it is recommended to apply the patch as soon as possible, especially since a Proof-of-Concept (PoC) has already been released.
Bleeping Computer notes that researchers from Endor Labs were the ones who published the PoC.
“In all versions prior to 2.5.2 and 1.123.17, the sanitization function assumes that keys in property accesses are strings in attacker-controlled code,” explained Endor Labs.
Those unable to apply the patch right now can implement a workaround: restrict workflow creation and editing permissions to fully trusted users only, and deploy n8n in a hardened environment with limited OS privileges and network access.
Still, the developers cautioned that this can only be considered a temporary solution and that patching is still the best way to fix the problem.
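A quick way to triage whether a deployment still needs the fix, as an added example that is not from the article or from the n8n project: it compares an installed version against the per-release-line fixed versions quoted by Endor Labs above (1.123.17 and 2.5.2). It assumes each major line (1.x, 2.x) was patched independently, so a version is only compared against the fixed release sharing its major number.

```python
import re

# Fixed versions quoted on this page (Endor Labs): one threshold per release line.
FIXED_VERSIONS = ("1.123.17", "2.5.2")


def parse_version(v):
    """Turn 'v2.4.0' or '2.4.0-rc1' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(installed, fixed=FIXED_VERSIONS):
    """Return True if the installed n8n version predates the fix on its own release line.

    Assumption: each major line (1.x, 2.x) was patched independently, so a
    version is compared only against the fixed release sharing its major number.
    A major line with no listed fix is treated as affected (conservative default).
    """
    inst = parse_version(installed)
    for fv in fixed:
        f = parse_version(fv)
        if f[0] == inst[0]:
            return inst < f
    return True


if __name__ == "__main__":
    # Constructed sample versions, one either side of each threshold.
    for v in ("1.123.16", "1.123.17", "2.5.1", "2.5.2", "v2.6.0"):
        print(v, "AFFECTED" if is_affected(v) else "fixed")
```

Feed it the version string reported by your n8n instance (for example from the settings page or the container image tag) to decide whether the workaround alone is still carrying the risk.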
At press time, there were no reported cases of abuse in the wild.