Multiple critical vulnerabilities in the n8n workflow automation platform (tracked as CVE-2026-25049) let any authenticated user who can create or edit workflows escape the sandbox and achieve remote code execution on the host server. Researchers demonstrated PoCs showing sanitization and type-confusion bypasses that evaded earlier fixes, and n8n has released patches—users should update to the patched versions and rotate keys and credentials to mitigate risk. #CVE-2026-25049 #n8n
Keypoints
- Authenticated workflow creators can achieve unrestricted remote code execution on the n8n server.
- The root cause is incomplete AST-based sandboxing and sanitization/type-confusion bypasses that bypassed earlier fixes for CVE-2025-68613.
- Pillar Security, Endor Labs, and SecureLayer7 produced PoCs showing filesystem access, credential theft, cloud pivoting, and AI workflow hijacking.
- n8n released patched versions (recommended 1.123.17 and 2.5.2) and advises updating, rotating N8N_ENCRYPTION_KEY, and refreshing stored credentials.
- As a temporary mitigation, restrict workflow creation/editing to trusted users and deploy n8n in a hardened environment with limited OS privileges and network access.