Workflow Automation Platform Vulnerability in n8n
CVE-2026-25049
What is CVE-2026-25049?
CVE-2026-25049 is a vulnerability found in n8n, an open-source workflow automation platform designed to allow users to automate complex workflows by connecting various services and APIs. This vulnerability affects versions prior to 1.123.17 and 2.5.2, enabling authenticated users with permissions to create or modify workflows to exploit crafted expressions within workflow parameters. Such exploitation could lead to unintended command execution on the host system running the n8n platform, potentially compromising the security and integrity of the workflows and the underlying data managed by n8n. Given the nature of workflow automation, this can have significant ramifications, including unauthorized access to critical systems and processes.
Potential impact of CVE-2026-25049
- Unauthorized Command Execution: The vulnerability allows attackers to execute arbitrary commands on the server, compromising the system that hosts n8n. This could lead to malicious activities, such as data manipulation or unauthorized system access.
- Data Breach Risks: Exploiting this vulnerability may result in unauthorized access to sensitive data processed through n8n workflows. If an attacker gains access to this data, it could lead to significant breaches of confidentiality and regulatory concerns.
- Service Disruption: By leveraging this vulnerability, malicious actors could disrupt the normal functioning of automated workflows, potentially halting critical business processes and causing operational losses.

Affected Version(s)
n8n < 1.123.17
n8n < 2.5.2
