Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Critical Vulnerability in n8n Workflow Automation Platform

A critical security vulnerability has been disclosed in the n8n workflow automation platform that could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613.

Vulnerability Overview

CVE-2026-25049 Details: - CVSS Score: 9.4 (Critical)
- Type: Expression Evaluation Bypass → Remote Code Execution
- Requirement: Authenticated user with permission to create or modify workflows
- Attack Vector: Crafted expressions in workflow parameters trigger unintended system command execution

This is considered a bypass for the initial fix to CVE-2025-68613, allowing attackers to escape the n8n expression sandbox mechanism and bypass security checks.

Attack Scenario

An attacker can create a workflow with a publicly accessible webhook that has no authentication enabled. By adding a single line of JavaScript using destructuring syntax, the workflow can be abused to execute system-level commands. Once exposed, anyone on the internet can trigger the webhook and run commands remotely.

Potential Impact

Successful exploitation could allow attackers to:
- Compromise the server infrastructure
- Steal API keys, cloud provider credentials, database passwords, and OAuth tokens
- Access the filesystem and internal systems
- Pivot to connected cloud accounts
- Hijack artificial intelligence workflows
- Establish persistent backdoors for long-term access

Root Cause Analysis

The vulnerability arises from a mismatch between TypeScript's compile-time type system and JavaScript's runtime behavior. While TypeScript enforces that a property should be a string at compile time, this enforcement is limited to values present in the code during compilation. JavaScript runtime behavior bypasses these compile-time checks through attacker-produced values.

When attackers craft malicious expressions at runtime, they can pass non-string values (such as objects, arrays, or symbols) that completely bypass the sanitization check.

Affected Versions & Patches

- Version 2.5.0 (latest)
- Version 1.123.2 and later

Additional Critical Flaws Disclosed

n8n released security alerts for 11 other flaws, including five rated critical:

- CVE-2026-21893 (CVSS 9.4): Command injection via admin permissions
- CVE-2026-25052 (CVSS 9.4): TOCTOU file access vulnerability
- CVE-2026-25053 (CVSS 9.4): OS command injection in Git node
- CVE-2026-25056 (CVSS 9.4): Arbitrary file write via Merge node
- CVE-2026-25115 (CVSS 9.4): Python sandbox escape with Task Runners

Mitigation Strategies

If immediate patching is not possible, implement these workarounds:
- Restrict workflow creation and editing permissions to fully trusted users
- Deploy n8n in a hardened environment with restricted OS privileges
- Implement network segmentation and access controls
- Monitor workflow execution for suspicious activity

TL;DR

- Critical n8n RCE vulnerability (CVE-2026-25049, CVSS 9.4) allows unauthenticated command execution via public webhooks
- Bypasses expression sandbox through TypeScript/JavaScript type mismatch exploitation
- Twelve additional n8n CVEs disclosed, five rated critical severity
- Immediate patching to v2.5.0/v1.123.2+ recommended; restrict workflow permissions if patching delayed

Source: The Hacker News