CVE-2026-25049: Critical n8n Workflow Vulnerability Enables Host Command Execution (Patch Now)

Updated: February 9, 2026

A newly disclosed critical vulnerability in the n8n workflow automation platform—CVE-2026-25049—can allow host-level system command execution when a user with workflow creation/edit permissions abuses crafted expressions inside workflow parameters. In plain words: if someone can create or modify workflows on a vulnerable instance, they may be able to break out of the workflow context and impact the underlying server.

This matters because n8n often stores powerful secrets (API keys, OAuth tokens, credentials) and connects to internal systems—so a single compromised workflow can have a much bigger blast radius than a typical web app bug.

CVE-2026-25049: Critical n8n Workflow Vulnerability Enables Host Command Execution (Patch Now)

Severity: Why this is “critical”

NVD shows the vulnerability as Critical, with a CVSS 4.0 score of 9.4 (CNA: GitHub) and CVSS 3.1 base score 9.9.

Who is affected?

According to NVD and GitHub’s advisory:

Affected: n8n versions before 1.123.17 and before 2.5.2 (including 2.0.0 up to 2.5.1)

Fixed: 1.123.17 and 2.5.2 (and newer)

If your n8n is internet-exposed, has multiple users/teams, or allows broad workflow editing, treat this as urgent.

What should you do right now? (Fast checklist)
1) Patch immediately (the real fix)

Upgrade to n8n 1.123.17+ or 2.5.2+ (or simply upgrade to the latest stable release available to you).

n8n also published additional “upgrade targets” across maintained branches in a Feb 6 bulletin (examples listed: 1.123.18+, 2.4.8+, or 2.6.2+, depending on your branch).

2) Temporary mitigation (only if you can’t patch today)

GitHub’s advisory recommends:

Limit workflow creation/editing to fully trusted users only

Run n8n in a hardened environment (restricted OS privileges + restricted network access)

3) Assume secrets might be exposed (do this after patching)

Because the impact can include access to credentials stored/used by workflows, plan to:

Rotate API keys / OAuth tokens / webhook secrets

Review your credential store and connected apps for unusual activity

How to quickly check if you’re vulnerable

Check the n8n version shown in your admin UI (or your Docker image tag / deployment manifest).

If it’s < 1.123.17 or 2.0.0–2.5.1, you should treat it as vulnerable and upgrade.

Is there public exploit code?

Multiple reports indicate a public proof-of-concept has been discussed/released by researchers, which increases urgency for patching.

(For safety, this article won’t share exploit steps or payloads—patching and hardening are the right actions.)

Signs you should investigate (high level)

Consider a quick review if you suspect exposure:

Unexpected workflow edits/creations or new credentials added

Unusual outbound network connections from the n8n host/container

New scheduled workflows you don’t recognize

If you suspect compromise: isolate the instance, preserve logs, rotate secrets, and rebuild from a known-good environment.