Cyber Intel Brief: n8n AI Workflow Remote Code Execution Vulnerability (CVE-2026-25049)

Key Takeaways

• CVE-2026-25049 is a high-severity vulnerability impacting n8n AI workflows, specifically concerning the evaluation of expressions within workflow parameters.
• Impact: Successful exploitation leads to Remote Code Execution (RCE), potentially granting an attacker full control over the host system running the n8n instance.
• Exploit Status: Proof-of-concept (PoC) exploits have been made available via GitHub and a well-known threat research blog , increasing the likelihood of active exploitation in the wild.
• Mitigation: Organizations must prioritize patching to the latest version and auditing user permissions related to workflow creation and modification.

Overview of the Vulnerability

A critical vulnerability, CVE-2026-25049, has been found affecting the n8n AI workflow automation platform. The flaw is rooted in how n8n processes AI workflows and evaluates expressions. An authenticated user who possesses the permissions to create or modify workflows can leverage specially crafted expressions in workflow parameters to trigger unintended system command execution on the host machine. 

While authentication is required, the severity is considered high to critical due to the potential for full system compromise and lateral movement once a foothold is established. There is no public confirmation of attempted exploitation by malicious actors to date, but that will most likely change quickly with PoCs publicly available.

Technical Details

The vulnerability stems from insufficient sanitization and isolation within the expression evaluation engine of n8n.

• Vector: Attackers inject malicious system commands into workflow parameters that are processed as expressions.
• Execution: When the workflow is triggered, the host system executes these commands with the same privileges as the n8n service process.
• Prerequisite: The attacker must have a valid authenticated session with permissions to edit or create workflows, making this a significant insider threat or a secondary step for an attacker who has previously compromised credentials.

Dataminr Detection

Dataminr’s Recommendations

Malicious insiders or external attackers who have gained unauthorized access to an n8n account would be most likely to exploit this vulnerability. The motivation typically involves data exfiltration, persistence, or using the compromised server as a pivot point for broader network attacks. Given the nature of n8n as a central integration point for various enterprise SaaS and internal tools, a compromise can lead to the exposure of sensitive API keys and credentials stored within the platform.

To protect your organization against exploitation, Dataminr suggests taking the following actions:

• Apply Security Patches: Immediately update all n8n instances to the latest stable release. Consult the official n8n GitHub security advisories for the definitive patched version number.
• Audit Workflow Permissions: Review all user accounts and restrict permissions to create or modify workflows to the absolute minimum necessary personnel. Follow the principle of least privilege.
• Review Existing Workflows: Conduct a thorough audit of all active and recently modified workflows for suspicious or unusual expressions, particularly those interacting with system-level nodes or external APIs.
• Network Isolation: Ensure that the host running n8n is appropriately segmented within the network to prevent lateral movement in the event of a compromise.
• Monitor Logs: Enable and monitor detailed logging for the n8n process, specifically looking for anomalous child process spawning or unexpected outbound network connections.