POC available for critical n8n remote command execution flaw

Threat summary

On February 5, n8n maintainers issued a new release for the open‑source workflow automation platform addressing several vulnerabilities, ranging from high to critical severity and tracked under the following identifiers:

• CVE-2026-25053
• CVE-2026-25054
• CVE-2026-25055
• CVE-2026-25056

One of the newly disclosed vulnerabilities, CVE‑2026‑25049, is a bypass of a previously reported flaw tracked as CVE‑2025‑68613. It carries a Common Vulnerability Scoring System (CVSS) score of 9.4, and affects instances running versions prior to 1.123.17 and 2.5.2.

The flaw enables authenticated users with workflow‑creation permissions to trigger system‑level command execution through crafted expressions.

A proof-of-concept exploit for CVE‑2026‑25049 was published one day before the advisory, on February 4. Multiple security researchers confirmed it demonstrated full server compromise, including access to stored credentials, secrets, configuration files, and the underlying file system. These findings show that the exploit bypasses sanitization controls introduced to address CVE‑2025‑68613.

Reporting from The Hacker News also notes that researchers analyzing the flaw found that the risk increases when the vulnerability is combined with n8n’s public webhook feature. Their analysis explains that an attacker with valid access can create a workflow that includes a public webhook and place a remote‑code‑execution payload in a node.

After the workflow is activated, the webhook becomes publicly reachable, and anyone who accesses the URL can trigger the malicious workflow without authentication. This turns an authenticated attack path into one that can be triggered through a public endpoint, increasing operational exposure for organizations running vulnerable versions of n8n.

Analysis & mitigation

The impact of CVE‑2026‑25049 could include full remote code execution, credential theft, lateral movement, and complete takeover of the n8n host. Exploitation complexity is low because it requires only authenticated access with workflow‑editing permissions.

Upgrading n8n to versions 1.123.17 or 2.5.2 eliminates the vulnerability. Organizations can restrict workflow‑creation permissions to reduce exposure and review access controls for users interacting with automation systems. Monitoring for unexpected workflow changes and reviewing logs for suspicious expression usage provides additional defensive value.

The webhook vector adds additional exposure because a workflow with a public webhook can be triggered remotely once activated. Limiting the use of public webhooks and controlling who can create workflows that expose public endpoints reduces this risk. Reviewing existing webhook configurations and removing those that are no longer required further lowers exposure.

Segmenting automation infrastructure from sensitive internal systems limits lateral movement opportunities, whereas rotating credentials stored within n8n after patching reduces residual risk from potential prior access.

Stay on top of emerging threats like this.

Sign up to receive a weekly roundup of our security intelligence feed. You'll be the first to know of emerging attack vectors, threats, and vulnerabilities. 

Sign up