- New flaw in n8n (CVE-2026-25049) allows unauthenticated users to run arbitrary commands on servers
- Vulnerability risks theft of secrets (API keys, OAuth tokens) and cross-tenant data exposure
- Patch released in v2.4.0; PoC already public, making immediate updates critical despite temporary workarounds
A critical vulnerability has been found in n8n which allows threat actors to run arbitrary commands on the underlying computers.
In the second half of December 2025, n8n’s developers released CVE-2025-68613, a patch for a critical Remote Code Execution (RCE) vulnerability in the workflow expression evaluation system. Now, security researchers are saying that the patch was inadequate and left exploitable holes.
These holes lead to the same result – escaping the workflow automation platform and taking over the underlying server.
Proof of Concept released
This new flaw is now tracked as CVE-2026-25049. Apparently, any unauthenticated user that can create or edit workflows on the platform can also perform RCE on the n8n server. Some researchers are saying that the bug can be used to steal all secrets stored on the server, such as API keys, or OAuth tokens. Furthermore, sensitive configuration files are also at risk.
To make things worse, it is possible for threat actors to pivot from one tenant to another, stealing data from multiple organizations sharing the same environment.
“The attack requires nothing special. If you can create a workflow, you can own the server,” Pillar Security said in a report.
On December 30, n8n developers acknowledged the mishap and released version 2.4.0 two weeks later. If you are actively using n8n, it is advised to apply the patch as soon as possible, especially since a Proof-of-Concept (PoC) is already released.
BleepingComputer notes researchers from Endor Labs were the ones publishing the PoC.
“In all versions prior to 2.5.2 and 1.123.17, the sanitization function assumes keys in property accesses are strings in attacker-controlled code,” Endor Labs explained.
Those that cannot apply the patch right now can deploy a workaround, that includes limiting workflow creation and editing permissions to fully trusted users only and deploying n8n in a hardened environment with restricted OS privileges and network access.
Still, the developers warned that this can only be considered a temporary workaround and that patching is still the best way to actually fix the issue.
At press time, there were no reported cases of abuse in the wild.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
link