The security vulnerability CVE-2026-25049 in n8n enables remote code execution via crafted workflow expressions and is considered critical because even limited permissions to create or modify workflows may be sufficient to execute system commands on the host.
CVE-2026-25049 in n8N – What we know so far
On February 4, 2026, the n8n project published a security advisory for CVE-2026-25049. The issue affects expression evaluation in workflows and can result in an attacker executing operating system commands on the host where n8n is running. All versions prior to 1.123.17 and prior to 2.5.2 are affected. The issue is fixed in 1.123.17 and 2.5.2.
Attack prerequisites and a realistic scenario
According to the vendor advisory and the CVE description, exploitation requires an authenticated user who is allowed to create or modify workflows. This means the typical starting point is not a classic unauthenticated internet scan, but rather a low-privilege account that is still reachable in many environments, for example through compromised credentials, weak role models, or overly broad permission assignments.
The critical aspect is less the mere ability to write expressions and more the context in which n8n is often operated. n8n is used for integration and automation tasks and in practice frequently has network paths to internal systems as well as access to API tokens, databases, or secrets stored in credential stores. Once code execution on the host is possible, the risk shifts from workflow manipulation to platform and infrastructure compromise.
Technical core of the vulnerability cVE-2026-25049 in n8n
The vendor advisory classifies CVE-2026-25049 as another exploit variant in expression evaluation that was identified after the earlier advisory for CVE-2025-68613. This suggests a class of bypass or extension paths where the protections from the previous fix were not fully comprehensive.
Endor Labs describes the root cause as a weakness in the sanitization of workflow expressions, where assumptions based on TypeScript type annotations are not enforced at runtime. This allows attackers to use constructs that bypass the intended checks and ultimately enable code execution.
Severity and scoring
n8n rates the vulnerability as 9.4 under CVSS 4.0 and classifies it as critical. In the NVD, the CNA score of 9.4 is shown, and a CVSS 3.1 score of 9.9 is also already listed, which remains relevant for prioritization and reporting in many organizations. If you already use CVSS 4.0 operationally, you can adopt the vendor score of 9.4. If your processes still heavily rely on CVSS 3.1, you should account for the 9.9 score in internal SLA logic.
Recommended actions for operators
- Upgrade to n8n 1.123.17 or 2.5.2, or newer. This applies the vendor fix.
- Review roles and permissions and grant workflow creation and modification only to fully trusted users.
- Run n8n in a hardened manner. This includes reduced OS privileges, restrictive network segmentation, limited egress rules, and as few direct host capabilities as possible that would lead to an immediate “full takeover” in the event of RCE.
- Improve credential hygiene. Tokens and secrets stored in n8n should be treated as potentially exposed and rotated depending on the exposure window and available logging/forensic visibility.
- Tighten monitoring. Suspicious workflow changes, unusual expression usage, and unexpected child-process or shell activity on the host should be incorporated into detection and incident response playbooks.
It is important to interpret the “workarounds” correctly. The vendor mentions permission restrictions and hardening as temporary mitigations, but emphasizes that these measures do not fully eliminate the risk. Upgrading remains the primary remediation.
Government / agency assessment
The Cyber Security Agency of Singapore published an alert on February 6, 2026, and likewise recommends immediate patching. Their assessment explicitly highlights the risk of full code execution in affected environments, associated with unauthorized access, data compromise, or disruption of workflows and connected systems.
CVE-2026-25049 in n8N – Guidance for security teams
CVE-2026-25049 is primarily a platform vulnerability with a large blast radius because n8n often serves as an automation hub between SaaS, on-prem systems, and secrets. Priority should therefore go to instances that are externally reachable, have broad workflow permissions, or store extensive credentials. In all cases, a rapid upgrade followed by a review of roles, secrets, and telemetry is the most pragmatic approach to improve both prevention and impact containment.
