IP Whitelist Vulnerability in n8n Automation Platform
CVE-2025-68949

5.3MEDIUM

Key Information:

Vendor

N8n-io

Status
N8n
Vendor
CVE Published:
13 January 2026

What is CVE-2025-68949?

n8n, an open-source workflow automation platform, faces a significant vulnerability due to its Webhook node's IP whitelist validation mechanism. Instead of performing a precise IP comparison, the validation conducted partial string matching. Consequently, if an incoming request's source IP address contained a substring of a whitelisted entry, it could be wrongfully accepted. This flaw particularly affected users who employed IP-based access controls to manage webhook access securely. Both IPv4 and IPv6 addresses were susceptible, allowing a potential attacker whose non-whitelisted IP address shared a partial prefix with a legitimate IP address to bypass these critical restrictions entirely. This issue has been resolved in version 2.2.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

n8n >= 1.36.0, < 2.2.0

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-w9...
x_refsource_CONFIRM
https://github.com/n8n-io/n8n/issues/23399
x_refsource_MISC
https://github.com/n8n-io/n8n/pull/23399
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.