Critical n8n flaws discovered - here's how to stay safe

An image of an n8n workflow
(Image credit: Future)

  • New flaw in n8n (CVE-2026-25049) allows unauthenticated users to run arbitrary commands on servers
  • Vulnerability risks theft of secrets (API keys, OAuth tokens) and cross-tenant data exposure
  • Patch released in v2.4.0; PoC already public, making immediate updates critical despite temporary workarounds

A critical vulnerability has been found in n8n which allows threat actors to run arbitrary commands on the underlying computers.

In the second half of December 2025, n8n’s developers released a patch for CVE-2025-68613, a critical Remote Code Execution (RCE) vulnerability in the platform’s workflow expression evaluation system. Security researchers now say that the patch was incomplete and left exploitable holes.

These holes lead to the same result - escaping the workflow automation platform and taking over the underlying server.

Proof of Concept released

This new flaw is now tracked as CVE-2026-25049. Apparently, any unauthenticated user who can create or edit workflows on the platform can also achieve RCE on the n8n server. Some researchers are saying that the bug can be used to steal all secrets stored on the server, such as API keys or OAuth tokens. Sensitive configuration files are also at risk.

To make things worse, it is possible for threat actors to pivot from one tenant to another, stealing data from multiple organizations sharing the same environment.

“The attack requires nothing special. If you can create a workflow, you can own the server,” Pillar Security said in a report.

On December 30, n8n developers acknowledged the mishap and released version 2.4.0 two weeks later. If you are actively using n8n, it is advised to apply the patch as soon as possible, especially since a Proof-of-Concept (PoC) is already released.

BleepingComputer notes researchers from Endor Labs were the ones publishing the PoC.

"In all versions prior to 2.5.2 and 1.123.17, the sanitization function assumes keys in property accesses are strings in attacker-controlled code," Endor Labs explained.

Those that cannot apply the patch right now can deploy a workaround that includes limiting workflow creation and editing permissions to fully trusted users only, and deploying n8n in a hardened environment with restricted OS privileges and network access.
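As an added example of the "hardened environment" half of that workaround (not configuration from the article or the n8n project), the Docker Compose service below runs n8n as an unprivileged user with a read-only root filesystem, all Linux capabilities dropped, and its port bound to loopback only. The image name, port 5678 and the `/home/node/.n8n` data directory are n8n's documented defaults; the `N8N_*` and `NODE_FUNCTION_*` variables are real n8n settings that shrink what workflow code can reach, but whether a given deployment tolerates them (and the read-only root filesystem) is an assumption to verify in a test instance. The pinned tag is a placeholder taken from the versions quoted in the article. None of this fixes the expression-evaluation bug itself; it only limits what a successful exploit can do until the patch is applied.

```yaml
# Added example, not from the article or the n8n project.
services:
  n8n:
    image: n8nio/n8n:2.5.2            # placeholder tag; pin to the fixed release you actually deploy
    user: "1000:1000"                 # n8n's image already runs as the unprivileged "node" user; make it explicit
    read_only: true                   # assumption: only the data volume and /tmp need to be writable
    tmpfs:
      - /tmp
    cap_drop:
      - ALL                           # no Linux capabilities inside the container
    security_opt:
      - no-new-privileges:true        # setuid binaries cannot regain privileges
    pids_limit: 256                   # blunt fork-bomb / runaway-process limit
    ports:
      - "127.0.0.1:5678:5678"         # reachable only via a local reverse proxy or SSH tunnel
    environment:
      - N8N_BLOCK_ENV_ACCESS_IN_NODE=true   # workflow code cannot read process.env (secrets, DB credentials)
      - NODE_FUNCTION_ALLOW_BUILTIN=        # no Node built-in modules (fs, child_process, ...) in Code nodes
      - NODE_FUNCTION_ALLOW_EXTERNAL=       # no external npm modules in Code nodes
      - N8N_RUNNERS_ENABLED=true            # run workflow code in a separate task-runner process
    volumes:
      - n8n_data:/home/node/.n8n            # encrypted credentials and the SQLite database live here

volumes:
  n8n_data:
```

Restricting outbound network access (the other half of "restricted network access") is deliberately not shown here: a Compose `internal` network would also cut off the outbound HTTP calls most workflows rely on, so egress filtering is better done with a host firewall or an egress proxy that allows only the destinations your workflows need. Workflow creation and editing permissions are managed in n8n's own user management, not in this file.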

Still, the developers warned that this can only be considered a temporary workaround and that patching is still the best way to actually fix the issue.

At press time, there were no reported cases of abuse in the wild.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.