Critical n8n Vulnerability: Six CVEs Expose Workflow Automation to RCE

What Happened: Six CVEs, One Day

On February 6, 2026, n8n issued an emergency security bulletin disclosing six vulnerabilities, including a critical remote code execution flaw that bypasses the platform's JavaScript sandbox protection.

The Six CVEs at a Glance

• CVE-2026-25049: Remote Code Execution via Type Confusion (CVSS 9.4 - Critical)
• CVE-2026-25051: Cross-Site Scripting in Workflow Expressions (CVSS 7.1 - High)
• CVE-2026-25050: Authentication Bypass in Webhook Handler (CVSS 8.1 - High)
• CVE-2026-25052: Path Traversal in File Operations (CVSS 7.5 - High)
• CVE-2026-25053: SQL Injection in Database Nodes (CVSS 8.8 - High)
• CVE-2026-25054: Server-Side Template Injection (CVSS 8.2 - High)

This article focuses primarily on CVE-2026-25049, the most critical vulnerability that enables complete sandbox escape and remote code execution.

CVE-2026-25049: Deep Dive into the RCE

Vulnerability Overview

• CVE ID: CVE-2026-25049
• CVSS Score: 9.4 (Critical)
• Attack Vector: Network - Low privileges required
• Affected Versions: n8n < 1.123.17, 2.x < 2.5.2
• Patched Versions: 1.123.17+ and 2.5.2+
• Root Cause: Type confusion in JavaScript expression evaluation

CVSS 9.4 Breakdown

Understanding why this scores 9.4 on the CVSS v3.1 scale:

• Attack Vector (Network): Exploitable remotely over the network
• Attack Complexity (Low): No special conditions required
• Privileges Required (Low): Basic authenticated user access needed
• User Interaction (None): No user action required
• Scope (Changed): Breaks out of the JavaScript sandbox
• Confidentiality Impact (High): Access to all server data
• Integrity Impact (High): Can modify or delete any data
• Availability Impact (High): Can crash or disable the service

Why not 10.0? The requirement for low-privileged authentication prevents the perfect score. However, in many n8n deployments with weak access controls or shared accounts, this distinction becomes meaningless.

Technical Details: How the Attack Works

CVE-2026-25049 exploits a fundamental flaw in how n8n's JavaScript sandbox evaluates workflow expressions. Understanding this vulnerability is crucial for discovering similar bugs in other low-code platforms.

The Type Confusion Bug

n8n uses a sandboxed JavaScript environment (vm2 or isolated-vm) to safely execute user-provided code in workflow expressions. The vulnerability exists in the type checking mechanism that validates objects before they cross the sandbox boundary.

Normal behavior:

1. User provides expression: {{ $json.data }}
2. Sandbox evaluates expression with restricted global scope
3. Result is type-checked before returning to host context
4. Only primitive types and safe objects are allowed through

Vulnerable behavior:

1. Attacker crafts expression with prototype pollution
2. Type checker is confused by specially crafted object structure
3. Malicious object with __proto__ or constructor escapes sandbox
4. Access to Node.js require() and process is gained
5. Full remote code execution achieved

Exploitation Example (Conceptual)

While we won't provide a working exploit, the attack pattern follows this conceptual flow:

// Workflow expression that triggers type confusion
{{
  Object.assign(
    Object.create(null),
    { 
      toString: {}.constructor.constructor('return process')()
    }
  ).mainModule.require('child_process').execSync('whoami')
}}

The type checker fails to properly validate the nested constructor chain, allowing the attacker to:

1. Access the Function constructor
2. Break out of the sandbox scope
3. Reach Node.js's process object
4. Load the child_process module
5. Execute arbitrary system commands

Attack Vectors in Real-World n8n Deployments

Exploitation requires authenticated access, but attackers have multiple entry points:

• Compromised credentials: Phished or leaked login credentials
• Insider threats: Malicious employees or contractors with legitimate access
• Shared workflows: Importing malicious workflow templates
• CSRF/XSS chains: Using CVE-2026-25051 (XSS) to create malicious workflows
• API token leakage: Exposed n8n API keys in public repositories

Real-World Impact: What's at Stake

n8n is deployed in thousands of organizations for business-critical automation. A successful exploit of CVE-2026-25049 provides attackers with:

Immediate Access

• Credential theft: Database passwords, API keys, OAuth tokens stored in workflows
• Cloud provider credentials: AWS, Azure, GCP access keys with broad permissions
• SaaS integration tokens: Slack, GitHub, Salesforce, and hundreds of other services
• Customer data: PII, financial records, business intelligence
• Source code: Workflow logic revealing business processes and security controls

Lateral Movement Capabilities

From a compromised n8n instance, attackers can:

• Pivot to internal databases and APIs using stolen credentials
• Deploy backdoors in connected cloud infrastructure
• Exfiltrate data through legitimate n8n webhook endpoints
• Manipulate automated workflows to inject malicious payloads downstream
• Establish persistence through scheduled workflows

Impact on Bug Bounty Programs

For security researchers, n8n instances in scope represent high-value targets:

• Critical severity payouts: RCE vulnerabilities typically command $10,000-$50,000 bounties
• Chain attacks: Combine with authentication issues for higher impact
• Data exposure: Access to credentials can lead to additional findings

Recommended reading: Hacking APIs by Corey Ball provides excellent coverage of API integration security, crucial for understanding how attackers exploit automation platforms like n8n.

The Other Five Vulnerabilities

While CVE-2026-25049 gets the spotlight, the other five CVEs deserve attention from security researchers:

CVE-2026-25051: XSS in Workflow Expressions (CVSS 7.1)

Stored cross-site scripting in the workflow editor allows attackers to execute JavaScript in the context of other users' browsers. This can be chained with CVE-2026-25049 to create a complete attack: XSS steals session token → Create malicious workflow → RCE.

CVE-2026-25050: Authentication Bypass (CVSS 8.1)

Improper validation of webhook authentication tokens allows unauthenticated attackers to trigger workflows that should require authentication. Combined with the right workflow configuration, this can lead to data exfiltration.

CVE-2026-25052: Path Traversal (CVSS 7.5)

File operation nodes don't properly sanitize file paths, allowing authenticated users to read arbitrary files on the server using ../../../etc/passwd style attacks.

CVE-2026-25053: SQL Injection (CVSS 8.8)

Database query nodes in certain configurations don't properly parameterize user input, leading to SQL injection vulnerabilities. This primarily affects MySQL and PostgreSQL integrations.

CVE-2026-25054: Server-Side Template Injection (CVSS 8.2)

Email and notification templates use an unsafe templating engine that allows authenticated users to inject template directives, potentially leading to information disclosure and code execution.

Learning resource: Web Application Security by Andrew Hoffman covers XSS, SSTI, and SQL injection in depth—essential reading for understanding these vulnerability classes.

Detection Strategies

If you're responsible for securing n8n deployments or hunting for vulnerable instances, here are detection strategies:

For Defenders

Check your version immediately:

# If you have CLI access to n8n
n8n --version

# Or check the web UI: Settings → About
# Or check package.json in the installation directory

Audit logs for suspicious activity:

• Workflows created or modified with complex JavaScript expressions
• Workflow executions that failed with sandbox escape errors
• Unusual file access patterns in workflow execution logs
• New workflows accessing sensitive database or API nodes
• Webhook triggers from unexpected IP addresses

Runtime monitoring:

• Monitor for unusual child processes spawned by n8n
• Alert on require() calls for dangerous modules: child_process, fs, net
• Watch for network connections to unexpected external hosts
• Track file system modifications in n8n's data directory

For Bug Hunters

Reconnaissance techniques:

• Shodan/Censys: Search for n8n instances with exposed UI or API
• Version detection: Check HTTP headers, JavaScript bundles, or the /rest/settings endpoint
• Authentication bypass testing: Test webhook endpoints without proper tokens (CVE-2026-25050)
• Workflow import: Some instances allow public workflow templates—test these for injection vectors

Exploitation testing (authorized only):

1. Create a test workflow with JavaScript expression nodes
2. Inject prototype pollution payloads
3. Monitor for sandbox escape indicators (error messages, behavior changes)
4. Test with safe commands (whoami, pwd) before escalating
5. Document and report through proper responsible disclosure channels

Essential toolkit: Raspberry Pi 5 makes an excellent portable security testing lab for running vulnerable n8n instances in isolated environments.

Remediation Steps

Immediate Actions (Critical)

1. Upgrade immediately to patched versions:
   • Version 1.x: Upgrade to 1.123.17 or later
   • Version 2.x: Upgrade to 2.5.2 or later
2. Audit existing workflows: Review all workflows for suspicious JavaScript expressions, especially those created or modified in the past 30 days
3. Rotate credentials: Change all API keys, database passwords, and OAuth tokens stored in n8n
4. Review access logs: Check for unauthorized workflow executions or suspicious API calls
5. Implement network segmentation: Isolate n8n instances from critical infrastructure

Long-Term Security Improvements

• Principle of least privilege: Limit user permissions to only necessary workflows
• Workflow approval process: Require security review for workflows with JavaScript expressions
• Network controls: Use firewalls to restrict n8n's outbound connections
• Secret management: Use external secret stores (HashiCorp Vault, AWS Secrets Manager) instead of storing credentials in n8n
• Container security: Run n8n in hardened containers with read-only file systems where possible
• Monitoring and alerting: Implement SIEM rules for n8n security events

Upgrade Process

# Docker deployment
docker pull n8nio/n8n:latest
docker-compose down
docker-compose up -d

# npm installation
npm update -g n8n

# Verify the upgrade
n8n --version
# Should show 1.123.17+ or 2.5.2+

Note: Always test upgrades in a staging environment first. Back up your n8n database before upgrading.

Learning Opportunities for Security Researchers

The n8n vulnerabilities highlight several key security patterns worth studying:

1. JavaScript Sandbox Escape Techniques

Type confusion and prototype pollution are recurring themes in JavaScript sandbox escapes. Understanding these patterns helps identify similar vulnerabilities in:

• Low-code/no-code platforms (Zapier, Make, Integromat)
• Workflow orchestration tools (Apache Airflow, Temporal)
• Serverless platforms with JavaScript execution
• Browser extension sandboxes

2. Automation Platform Security

Workflow automation platforms are high-value targets because they:

• Store credentials for multiple services in one place
• Have broad permissions across infrastructure
• Execute user-provided code (huge attack surface)
• Often run with elevated privileges

3. Vulnerability Chaining

The six CVEs can be combined for greater impact:

• XSS (CVE-2026-25051) → Session hijacking → RCE (CVE-2026-25049)
• Auth bypass (CVE-2026-25050) → Path traversal (CVE-2026-25052) → Credential theft
• SSTI (CVE-2026-25054) → Information disclosure → Privilege escalation

Recommended Resources

• The Hacker Playbook 3 by Peter Kim—practical penetration testing techniques applicable to automation platforms
• WiFi Pineapple—excellent for testing authentication bypass scenarios in network-deployed instances
• Burp Suite Cookbook—essential for API testing and intercepting n8n webhook traffic

Disclosure Timeline

• December 2025: Initial vulnerability discovery by multiple research teams
• January 15, 2026: Coordinated disclosure to n8n security team
• January 20-30, 2026: Patch development and internal testing
• February 6, 2026: Public security bulletin released
• February 6, 2026: Patched versions 1.123.17 and 2.5.2 released
• February 7-10, 2026: Security researchers publish technical analyses

Credit: The vulnerabilities were discovered and responsibly disclosed by security researchers from Endor Labs, SentinelOne, Upwind, and independent contributors.

Frequently Asked Questions

Conclusion

CVE-2026-25049 and its five companion vulnerabilities represent a critical security event for the workflow automation ecosystem. With a CVSS score of 9.4 and the potential for complete server compromise, this vulnerability demands immediate attention from anyone running n8n.

Key takeaways:

• Upgrade to n8n 1.123.17+ or 2.5.2+ immediately—this is not optional
• Audit all workflows for suspicious JavaScript expressions
• Rotate all credentials stored in n8n workflows
• Implement monitoring for sandbox escape attempts
• Apply the principle of least privilege to all n8n users

For security researchers and bug bounty hunters, these vulnerabilities provide valuable learning opportunities. Understanding sandbox escape techniques, automation platform security, and vulnerability chaining will serve you well as low-code platforms continue to proliferate.

The pattern is clear: Workflow automation platforms that execute user-provided code are high-risk, high-value targets. As organizations increasingly adopt these tools, expect more critical vulnerabilities to surface.

Stay sharp, test responsibly, and keep your n8n instances patched.

References & Further Reading

• Endor Labs: CVE-2026-25049 n8n RCE Analysis
• SentinelOne: CVE-2026-25049 Vulnerability Database Entry
• The Hacker News: Critical n8n Flaw CVE-2026-25049
• Upwind: Six n8n CVEs in One Day
• n8n Official Security Bulletin - February 6, 2026

Recommended Books & Tools

• Hacking APIs by Corey Ball
• Web Application Security by Andrew Hoffman
• The Hacker Playbook 3 by Peter Kim
• Raspberry Pi 5 - Security Testing Lab
• WiFi Pineapple Mark VII - Network Security Testing
• Burp Suite Cookbook - Web Application Testing