CVE-2026-25049
n8n Has an Expression Escape Vulnerability Leading to RCE
Description
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.
INFO
Published Date :
Feb. 4, 2026, 5:16 p.m.
Last Modified :
Feb. 5, 2026, 8:22 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 4.0 | CRITICAL | [email protected] |
Solution
- Update n8n to version 1.123.17 or later.
- Update n8n to version 2.5.2 or later.
- Restrict workflow creation/modification permissions.
Public PoC/Exploit Available at Github
CVE-2026-25049 has a 6 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-25049.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-25049 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-25049
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
to keep up the GitHub contributions
Python
None
Python
None
PowerShell Shell
None
None
None
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-25049 vulnerability anywhere in the article.
-
The Register
n8n security woes roll on as new critical flaws bypass December fix
Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes. The vulnerabilit ... Read more
-
The Cyber Express
Critical n8n Vulnerability CVE-2026-25049 Enables Remote Command Execution
A newly disclosed critical vulnerability, tracked as CVE-2026-25049, in the workflow automation platform n8n, allows authenticated users to execute arbitrary system commands on the underlying server ... Read more
-
The Hacker News
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, ... Read more
-
reddit.com
2026: New N8N RCE Deep Dive into CVE-2026-25049
Let us know your cookie preferences Reddit uses cookies and similar technologies to: Keep the website operational and running properly Prevent fraud and abuse Monitor site usage and performance metric ... Read more
The following table lists the changes that have been made to the
CVE-2026-25049 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Feb. 05, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Added CPE Configuration OR *cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* versions up to (excluding) 1.123.17 *cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:* versions from (including) 2.0.0 up to (excluding) 2.5.2 Added Reference Type GitHub, Inc.: https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d Types: Patch Added Reference Type GitHub, Inc.: https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d54b Types: Patch Added Reference Type GitHub, Inc.: https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8 Types: Patch, Vendor Advisory -
New CVE Received by [email protected]
Feb. 04, 2026
Action Type Old Value New Value Added Description n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2. Added CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CWE CWE-913 Added Reference https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d Added Reference https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d54b Added Reference https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8