n8n
-
Two critical n8n flaws patched after researcher finds remote code execution risk
Two critical vulnerabilities in the n8n workflow platform were reported and patched in March 2026. A technical analysis and vendor advisories show flaws that can enable remote code execution and decryption of stored credentials.
-
Critical vulnerability CVE-2026-25049 in n8n could allow system command execution
A critical CVE-2026-25049 vulnerability in a workflow automation platform can enable authenticated users to run system commands. The flaw has CVSS 9.4 and is fixed in 1.123.17 and 2.5.2. Restrict workflow creation and apply patches.
-
Two n8n sandbox escape flaws allow remote code execution
JFrog Security Research disclosed two eval injection flaws in n8n that can bypass sandboxes and allow remote code execution. One is rated CVSS 9.9. Users are advised to update affected versions.
-
Critical n8n flaw CVE-2025-68668 allows authenticated command execution on host
A critical sandbox bypass in the n8n Python Code Node, tracked as CVE-2025-68668 and rated CVSS 9.9, allows authenticated workflow authors to execute OS commands on hosts. The issue is fixed in n8n 2.0.0.
-
Critical vulnerability in n8n workflow platform could allow code execution (CVE-2025-68613)
A critical vulnerability in the n8n workflow automation platform (CVE-2025-68613) with a CVSS score of 9.9 could allow authenticated users to trigger arbitrary code execution; patches are available and Censys reports over 103,000 potentially vulnerable instances.
