Full Report
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that
Analysis Summary
# Vulnerability: Arbitrary Command Execution in n8n Workflow Expressions
## CVE Details
- CVE ID: CVE-2026-25049
- CVSS Score: 9.4 (Critical)
- CWE: CWE-94 (Improper Control of Generation of Code ('Code Injection')) - *Implied by RCE via expression evaluation*
## Affected Systems
- Products: n8n workflow automation platform
- Versions: `<1.123.17` (Fixed in 1.123.17) AND `<2.5.2` (Fixed in 2.5.2)
- Configurations: Requires an authenticated user with permissions to create or modify workflows. Severity increases significantly when workflows utilize publicly accessible, unauthenticated webhooks.
## Vulnerability Description
This critical vulnerability stems from inadequate sanitization in the expression evaluation mechanism, which allows an authenticated user to bypass previously implemented safeguards aimed at fixing CVE-2025-68613. The flaw arises from a mismatch where TypeScript's compile-time type enforcement (expecting strings) is bypassed by dynamically crafted runtime input (e.g., objects, arrays, or symbols). An attacker can abuse this by crafting malicious expressions within workflow parameters, leading to **arbitrary system command execution** on the host running n8n.
## Exploitation
- Status: PoC available (Techniques described in detail)
- Complexity: Low (If the attacker can create/modify workflows, they can own the server)
- Attack Vector: Adjacent (Requires prior authentication/authorization to modify workflows, but can lead to remote execution via public webhooks)
## Impact
- Confidentiality: High (Potential to steal credentials, API keys, cloud provider keys, database passwords, and OAuth tokens)
- Integrity: High (Ability to execute arbitrary commands allows for system compromise and modification of application state)
- Availability: High (Potential for system compromise, denial of service, or installation of backdoors)
## Remediation
### Patches
- Upgrade n8n to **version 1.123.17 or later**.
- Upgrade n8n to **version 2.5.2 or later**.
### Workarounds
1. Restrict workflow creation and editing permissions strictly to fully trusted users only.
2. Deploy n8n in a hardened environment with restricted operating system privileges and limited network access.
## Detection
- Indicators of Compromise: Look for unusual system command executions originating from the n8n process, or unexpected outbound network connections initiated by the workflow engine.
- Detection Methods and Tools: Analyze workflow creation/modification logs for complex or unusual JavaScript/expression syntax being introduced, specifically targeting destructuring within webhook nodes or expression evaluation fields. Thorough code review of sanitization functions for runtime input types is advised.
## References
- Vendor Advisory: n8n security advisory (GHSA-6cqr-8cfr-67f8) at github dot com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8
- Research Detail (SecureLayer7): blog dot securelayer7 dot net/cve-2026-25049/
- Research Detail (Endor Labs): endorlabs dot com/learn/cve-2026-25049-n8n-rce/
- Related Vulnerability: CVE-2025-68613