
Multiple Critical n8n Workflow Automation Vulnerabilities (CVE-2025-68613, CVE-2025-68668, CVE-2026-21877, CVE-2026-21858, CVE-2026-25049, CVE-2026-27577, CVE-2026-27493, CVE-2026-27495, CVE-2026-27497)

3 unique sources, 15 articles

Summary


The **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** has added **CVE-2025-68613** to its **Known Exploited Vulnerabilities (KEV) catalog**, requiring Federal Civilian Executive Branch agencies to patch n8n instances by **March 25, 2026** because this critical remote code execution (RCE) flaw is under **active exploitation**. Separately, **Pillar Security** has disclosed two new critical vulnerabilities (**CVE-2026-27577** and **CVE-2026-27493**); the latter is a **zero-click, unauthenticated flaw** that allows **full server compromise** via public form endpoints (e.g., a "Contact Us" form) with no authentication or user interaction. Over **40,000 unpatched instances** remain exposed globally, **18,000+ in North America and 14,000+ in Europe**, per Shadowserver data. These disclosures follow a series of **critical n8n vulnerabilities** reported since late 2025, including **CVE-2026-21877 (CVSS 10.0)**, **CVE-2026-21858 (unauthenticated RCE)**, and the **four March 2026 flaws (CVE-2026-27577, CVE-2026-27493, CVE-2026-27495, CVE-2026-27497)** enabling **sandbox escapes, credential theft, and unauthenticated expression injection**. The March 2026 flaws affect versions **<1.123.22, >=2.0.0 <2.9.3, and >=2.10.0 <2.10.1** and are fixed in **1.123.22, 2.9.3, and 2.10.1**. The platform's widespread use in **AI orchestration and enterprise automation**, together with its storage of **API keys, database credentials, and cloud secrets**, makes it a prime target for attackers seeking **full server compromise** or **lateral movement into connected systems**.

Timeline

  1. 11.03.2026 16:51 2 articles · 2d ago

    Four New Critical n8n Vulnerabilities (CVE-2026-27577, CVE-2026-27493, CVE-2026-27495, CVE-2026-27497) Disclosed

    Four new critical vulnerabilities in n8n have been disclosed, all patched in versions **1.123.22, 2.9.3, and 2.10.1** and affecting **self-hosted and cloud deployments** running versions **<1.123.22, >=2.0.0 <2.9.3, or >=2.10.0 <2.10.1**. The flaws enable **remote code execution (RCE), unauthenticated expression injection, and arbitrary file writes**:

    - **CVE-2026-27577 (CVSS 9.4)**: A **sandbox escape in the expression compiler**. A missing case in the AST rewriter lets the `process` object bypass its transformations, granting **authenticated users full RCE** via crafted workflow expressions. Because the n8n process can read the `N8N_ENCRYPTION_KEY` environment variable, exploitation can lead to **decryption of stored credentials** (AWS keys, OAuth tokens, database passwords).
    - **CVE-2026-27493 (CVSS 9.5)**: A **zero-click, unauthenticated flaw** allowing **full server compromise** via public form endpoints (e.g., a "Contact Us" form). An attacker submits a malicious payload in an input field (e.g., the Name field) and obtains **arbitrary shell command execution** without authentication or user interaction. It also introduces **cross-tenant risk** in n8n Cloud and other multi-tenant deployments, where a single public form can serve as the entry point for a broader compromise.
    - **CVE-2026-27495 (CVSS 9.4)**: A **code injection vulnerability in the JavaScript Task Runner sandbox** that lets authenticated users with workflow modification permissions **execute arbitrary code outside the sandbox boundary**. Running the task runner in **external mode (`N8N_RUNNERS_MODE=external`)** is the recommended mitigation.
    - **CVE-2026-27497 (CVSS 9.4)**: A flaw in the **Merge node's SQL query mode** that allows authenticated users to **execute arbitrary code and write arbitrary files** on the n8n server. Disabling the Merge node via the `NODES_EXCLUDE` environment variable is the recommended temporary workaround.

    Pillar Security researchers emphasized that **n8n Cloud deployments** are also affected by CVE-2026-27493, with potential **cross-tenant risk** due to shared infrastructure. If a vulnerable workflow is found, **rotate all stored credentials**: exposure of the `N8N_ENCRYPTION_KEY` would let an attacker decrypt every credential stored in the platform. Short-term mitigations for **CVE-2026-27577** are restricting workflow creation and editing to trusted users and deploying n8n in a hardened environment. For **CVE-2026-27493**, n8n advises disabling the Form and Form Trigger nodes via `NODES_EXCLUDE` or manually reviewing form node usage, though these measures do not fully remediate the risk.
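The workarounds named in this entry (excluding node types through `NODES_EXCLUDE`, switching the task runner to external mode, and reviewing workflows for form nodes and for expressions that reach `process`) can be checked mechanically against an exported workflow and the deployment's environment. The JavaScript below is an added example written for this page, not n8n project code. The node type identifiers `n8n-nodes-base.formTrigger`, `n8n-nodes-base.form`, `n8n-nodes-base.merge` and `n8n-nodes-base.set` are n8n's real node names and `NODES_EXCLUDE` really takes a JSON array of such names; the Merge node's `combineBySql` mode value and `query` parameter name, the list of suspicious tokens and the sample workflow export are assumptions made for illustration.

```javascript
// Added example for this page (not n8n project code): audit an exported n8n
// workflow and its environment for the conditions named in the March 2026
// advisories. Node type names are real n8n identifiers; the Merge
// "combineBySql" mode value and "query" parameter are assumptions, as is the
// sample workflow below.

const RISKY_NODE_TYPES = {
  'n8n-nodes-base.formTrigger': 'public form endpoint (CVE-2026-27493 entry point)',
  'n8n-nodes-base.form': 'form node (CVE-2026-27493 entry point)',
  'n8n-nodes-base.merge': 'Merge node in SQL query mode (CVE-2026-27497)',
};

// Identifiers that have no business inside a workflow expression; `process` is
// the object named in the CVE-2026-27577 sandbox-escape description.
const SUSPICIOUS_TOKENS = [
  /\bprocess\b/, /\bconstructor\b/, /\brequire\s*\(/, /\bglobal(?:This)?\b/,
  /\bchild_process\b/, /\bFunction\s*\(/,
];

// Yield every string leaf of a parameter tree together with its JSON path.
function* walkStrings(value, path = '$') {
  if (typeof value === 'string') { yield [path, value]; return; }
  if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkStrings(value[i], `${path}[${i}]`);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* walkStrings(v, `${path}.${k}`);
  }
}

// n8n evaluates a parameter as an expression only when it starts with "=" and
// contains "{{ }}"; plain strings are data and are never compiled.
function isExpression(text) {
  return text.startsWith('=') && text.includes('{{');
}

function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? []) {
    const reason = RISKY_NODE_TYPES[node.type];
    if (reason) {
      const isMerge = node.type === 'n8n-nodes-base.merge';
      if (!isMerge || node.parameters?.mode === 'combineBySql') {
        findings.push({ node: node.name, kind: 'node', detail: reason });
      }
    }
    for (const [path, text] of walkStrings(node.parameters ?? {})) {
      if (!isExpression(text)) continue;
      const hit = SUSPICIOUS_TOKENS.find((re) => re.test(text));
      if (hit) findings.push({ node: node.name, kind: 'expression', detail: `${path} matches ${hit}` });
    }
  }
  return findings;
}

// Check the two environment-level workarounds: NODES_EXCLUDE (a JSON array of
// node type names) and N8N_RUNNERS_MODE=external.
function auditEnv(env) {
  const issues = [];
  let excluded = [];
  try {
    excluded = JSON.parse(env.NODES_EXCLUDE ?? '[]');
  } catch {
    issues.push('NODES_EXCLUDE is not valid JSON');
  }
  for (const type of Object.keys(RISKY_NODE_TYPES)) {
    if (!excluded.includes(type)) issues.push(`${type} is not listed in NODES_EXCLUDE`);
  }
  if (env.N8N_RUNNERS_MODE !== 'external') {
    issues.push('N8N_RUNNERS_MODE is not "external" (CVE-2026-27495 workaround)');
  }
  return issues;
}

// Constructed sample export, not a real workflow: one public form, one
// expression that reaches `process`, one Merge node in SQL mode, and one
// harmless literal that merely contains the word "process".
const SAMPLE_WORKFLOW = {
  name: 'contact-us',
  nodes: [
    { name: 'Contact form', type: 'n8n-nodes-base.formTrigger', parameters: { formTitle: 'Contact Us' } },
    { name: 'Greet', type: 'n8n-nodes-base.set', parameters: { value: '={{ process.env.N8N_ENCRYPTION_KEY }}' } },
    { name: 'Join', type: 'n8n-nodes-base.merge', parameters: { mode: 'combineBySql', query: 'SELECT * FROM input1' } },
    { name: 'Note', type: 'n8n-nodes-base.set', parameters: { value: 'process this order by Friday' } },
  ],
};

// Environment that applies both workarounds.
const HARDENED_ENV = {
  NODES_EXCLUDE: JSON.stringify(Object.keys(RISKY_NODE_TYPES)),
  N8N_RUNNERS_MODE: 'external',
};

console.log(auditWorkflow(SAMPLE_WORKFLOW));
console.log(auditEnv({}), auditEnv(HARDENED_ENV));
```

The expression scan only looks at parameters n8n would actually compile, so an attacker-supplied form value (the CVE-2026-27493 vector) is not something it can see; what it does flag is the exposure itself, a Form Trigger in a workflow on an unpatched instance. Treat the token list as a triage aid rather than a security boundary: the page's own point is that deny lists are bypassable, and upgrading remains the fix.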

  2. 04.02.2026 23:14 2 articles · 1mo ago

    Critical n8n vulnerabilities (CVE-2026-25049) disclosed with public exploits

    Multiple critical vulnerabilities in n8n, collectively tracked as **CVE-2026-25049 (CVSS 9.4)**, stem from inadequate sanitization and bypass the patches for CVE-2025-68613. The flaw allows **authenticated users with workflow creation or modification permissions** to execute arbitrary system commands via crafted expressions in workflow parameters by exploiting a **mismatch between TypeScript's compile-time type system and JavaScript's runtime behavior**: the sanitization assumes a string input, so it can be bypassed by passing non-string values (e.g., objects or arrays) at runtime. Affected versions are **1.x before 1.123.17 and 2.x before 2.5.2**, with fixes released in **1.123.17 and 2.5.2**. Researchers from **SecureLayer7, Pillar Security, and Endor Labs** demonstrated exploits in which a **publicly accessible webhook** in a malicious workflow lets an unauthenticated remote request trigger the command execution, leading to server compromise and credential theft (API keys, OAuth tokens, database passwords). Ten security researchers, including **Fatih Çelik, Cris Staicu, Eilon Cohen, and Sandeep Kamble**, are credited with discovering the flaw. Users are advised to **upgrade to patched versions**, restrict workflow permissions to trusted users, and deploy n8n in hardened environments with limited OS privileges. Temporary mitigations include auditing workflows for suspicious expressions and rotating encryption keys and credentials.
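The bug class described here, a sanitizer whose TypeScript signature promises a string while the value that reaches it at runtime can be anything, is easy to reproduce in miniature. The JavaScript below is an added illustration written for this page, not n8n's code and not the actual CVE-2026-25049 patch bypass: every function name, the deny list and the payloads are hypothetical, and nothing in it is ever evaluated, only built as source text and inspected.

```javascript
// Added illustration for this page, not n8n code: a sanitizer declared in
// TypeScript as `sanitize(value: string)` only inspects string inputs at
// runtime, while the consumer later coerces any value to a string. All names
// and payloads are hypothetical; no source string is ever executed.

const DENYLIST = [/\bprocess\b/, /\bconstructor\b/, /\brequire\b/, /\bglobalThis\b/];

function checkDenylist(source) {
  for (const re of DENYLIST) {
    if (re.test(source)) throw new Error(`blocked token ${re}`);
  }
}

// Vulnerable shape: the `value: string` annotation is erased at runtime, so a
// defensive `typeof` guard quietly returns non-strings unsanitized.
function sanitizeVulnerable(value) {
  if (typeof value !== 'string') return value; // "cannot happen" according to the types
  checkDenylist(value);
  return value;
}

// The consumer builds source text with a template literal, which coerces
// arrays (String(['x']) === 'x') and objects (via toString) into strings.
function buildSourceVulnerable(value) {
  return `return (${sanitizeVulnerable(value)});`;
}

// Hardened shape: validate the exact string that will be compiled and treat
// any other runtime type as a hard error instead of trusting the annotation.
function sanitizeHardened(value) {
  if (typeof value !== 'string') {
    throw new TypeError(`expression must be a string, got ${Array.isArray(value) ? 'array' : typeof value}`);
  }
  checkDenylist(value);
  return value;
}

function buildSourceHardened(value) {
  return `return (${sanitizeHardened(value)});`;
}

// Run a builder and report whether the payload got through.
function attempt(build, value) {
  try {
    return { ok: true, source: build(value) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed payloads: a string any deny list catches, then the same text
// wrapped in an array and in an object, the shapes a JSON API body typed
// `any` on the server would accept without complaint.
const PAYLOAD = 'process.env.N8N_ENCRYPTION_KEY';
const ARRAY_PAYLOAD = [PAYLOAD];
const OBJECT_PAYLOAD = { toString: () => PAYLOAD };

function demo() {
  return {
    vulnString: attempt(buildSourceVulnerable, PAYLOAD),
    vulnArray: attempt(buildSourceVulnerable, ARRAY_PAYLOAD),
    vulnObject: attempt(buildSourceVulnerable, OBJECT_PAYLOAD),
    hardArray: attempt(buildSourceHardened, ARRAY_PAYLOAD),
    hardObject: attempt(buildSourceHardened, OBJECT_PAYLOAD),
  };
}

console.log(demo());
```

Rejecting non-strings is the stricter fix; coercing with `String(value)` before the deny-list check is the alternative. Either way the invariant that matters is that the check runs on exactly the text that will be compiled, which is what the vulnerable version loses the moment the runtime type differs from the declared one.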

  3. 04.02.2026 15:00 2 articles · 1mo ago

    Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover

    Researchers at Pillar Security found two maximum-severity vulnerabilities (CVSS 10.0) in n8n, a popular open-source workflow automation platform powering hundreds of thousands of enterprise AI systems worldwide. Both are sandbox escapes that let any authenticated user gain complete server control and steal every stored credential, including API keys, cloud provider keys, database passwords, and OAuth tokens, on both self-hosted and cloud n8n instances. Pillar reported the first flaw to the n8n maintainers, who released a patch; a second vulnerability bypassing that fix was found 24 hours after the initial patch shipped. n8n released version 2.4.0, fixing both, in January 2026. Pillar's advisory covering both flaws carries the GitHub identifier GHSA-6cqr-8cfr-67f8, but the firm did not reveal a CVE identifier for either vulnerability. The researchers noted that companies using n8n for AI orchestration face exposure of credentials for OpenAI, Anthropic, Azure OpenAI, and Hugging Face as well as for vector databases (e.g., Pinecone, Weaviate, Qdrant). An attacker who exploits either flaw can intercept AI prompts, modify AI responses, redirect traffic through attacker-controlled endpoints, and exfiltrate sensitive data from AI interactions. On n8n Cloud, a single compromised user could potentially reach shared infrastructure and other customers' data within the Kubernetes cluster.

  4. 28.01.2026 14:43 4 articles · 1mo ago

    Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

    Two further vulnerabilities in the n8n workflow automation platform, CVE-2026-1470 and CVE-2026-0863, were discovered by the JFrog Security Research team. Both allow authenticated attackers to bypass n8n's sandbox mechanisms and achieve remote code execution, running arbitrary commands on the host of a vulnerable instance. Users are advised to upgrade to the latest patched versions. The disclosure highlights the difficulty of safely sandboxing dynamic, high-level languages such as JavaScript and Python: even with multiple validation layers, deny lists, and AST-based controls in place, subtle language features and runtime behaviors can be leveraged to bypass security assumptions. n8n Cloud has addressed the issues; only self-hosted instances running a vulnerable release remain affected. Researcher Rhoda Smart promised to publish a proof-of-concept exploit in a technical blog post, which could prompt attackers to hunt for and target self-hosted n8n deployments.

  5. 07.01.2026 15:48 7 articles · 2mo ago

    Critical Unauthenticated RCE Vulnerability (CVE-2026-21858) Disclosed

    The Ni8mare vulnerability (CVE-2026-21858) in the n8n workflow automation platform allows unauthenticated remote attackers to gain complete control over susceptible instances. The flaw relates to the webhooks that start workflows and to how n8n parses incoming data based on the request's 'content-type' header. Successful exploitation can expose sensitive information and compromise enterprise secrets. There are no official workarounds for Ni8mare; users are urged to upgrade to version 1.121.0 or later. Over 105,753 unpatched n8n instances were found exposed online, with 59,558 still exposed on Sunday; more than 28,000 of the IPs were in the United States and over 21,000 in Europe. For the separate pair of sandbox-escape flaws reported by Pillar Security (GHSA-6cqr-8cfr-67f8, fixed in n8n 2.4.0 and covered in the 04.02.2026 entry above), Pillar recommended upgrading to 2.4.0 or later, rotating the encryption key and all credentials, auditing workflows, and monitoring AI workflows for unusual patterns.

  6. 07.01.2026 13:26 4 articles · 2mo ago

    New CVSS 10.0 RCE Vulnerability (CVE-2026-21877) Disclosed

    A new maximum-severity vulnerability (CVSS 10.0, CVE-2026-21877) has been discovered in n8n, affecting versions >= 0.123.0 and < 1.121.3. This flaw has been patched in version 1.121.3, released in November 2025. Both self-hosted and n8n Cloud instances are impacted. Users are advised to upgrade to the latest version or implement mitigations such as disabling the Git node and limiting access for untrusted users.

  7. 23.12.2025 09:34 5 articles · 2mo ago

    Critical n8n Vulnerability (CVE-2025-68613) Disclosed

    A critical vulnerability in the n8n workflow automation platform, tracked as CVE-2025-68613 (CVSS 9.9), was disclosed in December 2025, affecting versions from 0.211.0 onward that predate the patched releases. The flaw allows **authenticated users** to execute arbitrary code with the n8n process's privileges, risking **full instance compromise, unauthorized data access, and system-level operations**. Patches were released in **1.120.4, 1.121.1, and 1.122.0**; over **103,000 instances** were initially identified as vulnerable, primarily in the U.S., Germany, France, Brazil, and Singapore. **Update (March 2026):** The U.S. **Cybersecurity and Infrastructure Security Agency (CISA)** added CVE-2025-68613 to its **Known Exploited Vulnerabilities (KEV) catalog** on March 11, citing **active exploitation** in the wild. Under **Binding Operational Directive (BOD) 22-01**, **Federal Civilian Executive Branch (FCEB) agencies** must patch affected n8n instances by **March 25, 2026**. Shadowserver data indicates **over 40,000 unpatched instances** remain exposed globally, with **18,000+ in North America and 14,000+ in Europe**. CISA advised all organizations to **apply mitigations immediately** (upgrading to **v1.122.0 or later**, restricting workflow permissions, and hardening deployments) or to **discontinue use** of the product if mitigations are unavailable.


