Critical n8n Workflow Vulnerability CVE-2026-25049 Enables Remote System Command Execution

A critical security vulnerability tracked as CVE-2026-25049 has been disclosed in the n8n workflow automation platform, allowing authenticated users to execute arbitrary system commands on the host running the service. The flaw carries a CVSS score of 9.4 and represents a bypass of an earlier fix for CVE-2025-68613, a similarly severe issue patched in late 2025.

The vulnerability exists in n8n’s expression evaluation engine, which is used to dynamically process workflow parameters at runtime. Although n8n introduced sanitization logic to mitigate CVE-2025-68613, researchers found that these controls could be bypassed through crafted expressions that exploit gaps between TypeScript’s compile-time type enforcement and JavaScript’s runtime behavior.

At a technical level, the sanitization mechanism assumes that certain values are strings based on TypeScript type definitions. However, because runtime attacker-supplied input is not subject to compile-time enforcement, an attacker can inject non-string objects that bypass validation entirely. This allows malicious expressions to escape the intended sandbox and invoke underlying system command execution paths.

Exploitation requires an authenticated user with permission to create or modify workflows. In practice, the risk escalates significantly when combined with n8n’s webhook feature. An attacker can create a publicly accessible webhook with no authentication, embed a malicious expression into a workflow node, and expose the endpoint to the internet. Once activated, any external request to the webhook can trigger remote command execution on the server.

Successful exploitation grants attackers full control over the n8n host, enabling credential theft, file system access, data exfiltration, and deployment of persistent backdoors. Because n8n is often integrated with cloud services, databases, and AI workflows, compromise can cascade into connected environments, including cloud accounts and automation pipelines.

The vulnerability affects n8n versions prior to 1.123.17 and 2.5.2, both of which contain fixes that strengthen runtime validation and close the sandbox escape vector. Organizations running affected versions are strongly advised to update immediately.

In environments where patching is not immediately possible, limiting workflow creation and editing permissions to fully trusted users and deploying n8n within a hardened execution environment can reduce exposure. However, these measures should be treated as temporary mitigations rather than long-term solutions.

CVE-2026-25049 underscores the risks inherent in expression-driven automation platforms, particularly when user-defined logic is evaluated at runtime. It also highlights the importance of enforcing strict runtime validation rather than relying on compile-time type assumptions when processing untrusted input.