
n8n powers automation across thousands of enterprises, so a remote‑code‑execution bug threatens data integrity, multi‑tenant isolation, and downstream cloud integrations.
The open‑source workflow engine n8n has become a staple for developers building integrations, yet its rapid adoption has exposed a critical security gap. CVE‑2026‑25049 allows an attacker with workflow‑creation rights to inject malicious JavaScript, escape the AST‑based sandbox, and gain unrestricted access to the underlying Node.js process. This flaw not only defeats the recent fix for CVE‑2025‑68613 but also demonstrates how type confusion and inadequate runtime checks can undermine safeguards that rely on TypeScript types, which are erased at runtime. Researchers from Pillar Security, Endor Labs, and SecureLayer7 documented a full attack chain that reaches the server’s filesystem, credential store, and connected cloud services.
For organizations that host n8n in multi‑tenant environments, the risk escalates dramatically. A compromised instance can serve as a pivot point to other tenants’ data, exposing API keys, OAuth tokens, and proprietary AI workflow prompts. The vulnerability fits a broader trend in which automation platforms become attractive targets for supply‑chain attacks, because they often sit between internal systems and external APIs. Although no confirmed in‑the‑wild exploitation has surfaced, GreyNoise reported a surge of probing activity against exposed n8n endpoints, hinting at imminent exploitation attempts.
Mitigation now hinges on swift patch adoption: versions 2.5.2 and 1.123.17 address the sandbox bypass, while temporary controls include restricting workflow‑edit permissions and running n8n under a least‑privilege OS account. Administrators should also rotate the N8N_ENCRYPTION_KEY and audit stored credentials. Looking ahead, the incident underscores the need for rigorous runtime validation and continuous security testing in low‑code automation tools, as their expanding role in enterprise IT makes them prime vectors for sophisticated attacks.
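The first mitigation step above is confirming which instances are still below the fixed release for their major line. The following triage helper is an added example, not code from the article or from the n8n project; it relies only on the two fixed versions the article names (2.5.2 for the 2.x line, 1.123.17 for the 1.x line), and the instance names and version strings in the inventory are constructed for illustration. It treats a pre‑release build of the fixed version (for example 2.5.2-rc.1) as still unpatched, since semantic versioning orders it before the release.

```python
"""Triage helper: which n8n instances still lack the CVE-2026-25049 fix?

Added example, not part of the original article or of n8n itself. The only
facts it relies on are the fixed versions named in the article; the instance
inventory below is constructed.
"""
import re
from typing import Dict, List, Tuple

# Fixed release per major line, as stated in the article.
FIXED_VERSIONS: Dict[int, Tuple[int, int, int]] = {
    1: (1, 123, 17),
    2: (2, 5, 2),
}

# Semantic version with optional leading "v", pre-release and build metadata.
_SEMVER = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$"
)


def parse_version(text: str) -> Tuple[Tuple[int, int, int], bool]:
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    m = _SEMVER.match(text.strip())
    if not m:
        raise ValueError(f"not a semantic version: {text!r}")
    core = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return core, m.group(4) is not None


def is_patched(version: str) -> bool:
    """True if this version carries the sandbox-bypass fix for its major line."""
    core, prerelease = parse_version(version)
    fixed = FIXED_VERSIONS.get(core[0])
    if fixed is None:
        # A major newer than any listed line was cut after the fix; an older
        # line (0.x) never received one.
        return core[0] > max(FIXED_VERSIONS)
    if prerelease:
        # 2.5.2-rc.1 precedes 2.5.2 and therefore still lacks the fix.
        return core > fixed
    return core >= fixed


def triage(inventory: Dict[str, str]) -> List[str]:
    """Names of instances that must be upgraded, sorted for stable reports."""
    return sorted(name for name, ver in inventory.items() if not is_patched(ver))


# Constructed inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "n8n-prod-a": "2.5.2",
    "n8n-prod-b": "2.4.9",
    "n8n-legacy": "1.123.16",
    "n8n-staging": "2.5.2-rc.1",
    "n8n-lab": "v2.6.0+build.5",
}

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"UPGRADE REQUIRED: {name} ({SAMPLE_INVENTORY[name]})")
```

Feed `triage` the version strings your inventory tool already collects; an instance it reports should be upgraded first, and only then should its N8N_ENCRYPTION_KEY be rotated and its stored credentials audited, since rotating before the patch leaves the new key exposed to the same bypass.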