Executive Summary

A critical remote code execution (RCE) vulnerability, CVE-2026-25049, has been disclosed in the n8n open-source workflow automation platform. The vulnerability, which carries a CVSS score of 9.4, is a sandbox escape that allows an authenticated attacker with workflow editing permissions to execute arbitrary commands on the underlying server. Successful exploitation can lead to a complete server compromise, granting the attacker access to all environment variables, which often contain highly sensitive credentials, API keys, and OAuth tokens for connected services. This could allow an attacker to pivot and take control of integrated cloud accounts and AI pipelines. The flaw is a bypass for a previous RCE vulnerability (CVE-2025-68613), emphasizing the severity of the issue. The n8n team has released patches, and all users are strongly advised to upgrade to versions 1.123.17 or 2.5.2 immediately.

---

Vulnerability Details

CVE-2026-25049 is a sandbox escape vulnerability within n8n's JavaScript expression evaluation engine. The platform uses a sandbox to safely execute user-provided code within workflows, but researchers at security firm Pillar discovered a method to bypass this protection.

The flaw can be triggered by an authenticated user who has permissions to create or edit a workflow. By crafting a malicious JavaScript expression using specific properties with a template literal or certain arrow functions, an attacker can break out of the sandboxed environment. Once the sandbox is escaped, the attacker can execute arbitrary system commands with the privileges of the n8n service account.

This is particularly dangerous because n8n is designed to connect to and automate a wide range of other services. A compromise of the n8n server itself effectively hands the keys to all connected applications to the attacker.

---

Affected Systems

• Product: n8n Workflow Automation Platform
• Affected Versions: All versions prior to 1.123.17 and 2.5.2.
• Patched Versions: 1.123.17 and 2.5.2.

---

Exploitation Status

There is no evidence of active exploitation in the wild at the time of disclosure. However, given the criticality of the vulnerability and the public availability of the details, organizations should assume that exploitation attempts are imminent. The low complexity of the attack (once a valid account is obtained) makes it an attractive target for threat actors.

---

Impact Assessment

A successful exploit of CVE-2026-25049 can have a catastrophic impact, representing a significant supply chain risk.

• Full Server Compromise: Attackers gain RCE on the host server, allowing them to install backdoors, exfiltrate data, or use the server as a pivot point.
• Credential and API Key Theft: The primary impact is the theft of all credentials stored as environment variables or within the n8n instance. This includes API keys, database credentials, and OAuth tokens for countless third-party services (e.g., AWS, Google Cloud, Slack, CRMs).
• Hijacking of Connected Services: With the stolen credentials, attackers can take over connected cloud accounts, access or manipulate data in integrated applications, and disrupt business-critical automated workflows.
• Lateral Movement: The compromised n8n server can be used to attack other systems within the internal network.

---

Cyber Observables for Detection

Detecting exploitation requires monitoring the n8n server and its logs.

Type	Value	Description	Context	Confidence
command_line_pattern	n8n process spawning unexpected child processes like sh, bash, cmd.exe, powershell.exe.	A strong indicator of successful sandbox escape and command execution.	EDR, Sysmon Event ID 1	high
network_traffic_pattern	Outbound connections from the n8n server to suspicious IP addresses (e.g., reverse shells).	Attacker establishing a C2 channel after successful exploitation.	Firewall logs, NetFlow	high
log_source	n8n application logs	Look for logs containing suspicious JavaScript code snippets with template literals or arrow functions being saved in workflows.	Application log monitoring	medium

---

Detection Methods

1. Version Checking: The most straightforward detection method is to inventory all n8n instances and check if they are running a vulnerable version (prior to 1.123.17 or 2.5.2).
2. Endpoint Monitoring: Deploy an EDR agent on the n8n host server. Create detection rules to alert on the n8n process spawning shell processes or network utilities like curl and wget.
3. Audit User Permissions: Regularly audit which users have permission to create and edit workflows in n8n. Any user with these permissions can exploit this vulnerability, so access should be tightly controlled.

---

Remediation Steps

Immediate action is required to mitigate this critical risk.

1. Patch Immediately: The primary and most effective remediation is to upgrade all n8n instances to a patched version (1.123.17 or 2.5.2). This is a direct application of M1051 - Update Software.
2. Restrict Permissions (Temporary Mitigation): If patching is not immediately possible, as a temporary measure, revoke workflow creation and editing permissions from all non-essential and untrusted users. This limits the number of accounts that could be used to exploit the flaw. This aligns with the principle of least privilege (M1026 - Privileged Account Management).
3. Rotate Credentials: After patching, it is highly recommended to rotate all credentials, API keys, and secrets stored in the n8n environment as a precaution against prior, undetected compromise.