{"id":15755,"date":"2026-02-06T20:56:32","date_gmt":"2026-02-06T20:56:32","guid":{"rendered":"https:\/\/newestek.com\/?p=15755"},"modified":"2026-02-06T20:56:32","modified_gmt":"2026-02-06T20:56:32","slug":"six-more-vulnerabilities-found-in-n8n-automation-platform","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15755","title":{"rendered":"Six more vulnerabilities found in n8n automation platform"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of the six are rated as critical, carrying CVSS severity scores of 9.4.<\/p>\n<p>\u201cThese vulnerabilities span multiple attack classes, from remote code execution and command injection to arbitrary file access and cross-site scripting, all targeting a platform that is frequently deployed with access to secrets, credentials, internal APIs, and business-critical logic,\u201d noted <a href=\"https:\/\/www.linkedin.com\/in\/amit-genkin-48075b213\/\" target=\"_blank\" rel=\"noreferrer noopener\">Amit Genkin<\/a>, a security researcher at Israel-based cloud security provider Upwind,<a href=\"https:\/\/www.upwind.io\/feed\/six-n8n-cves-one-day-workflow-security\" target=\"_blank\" rel=\"noreferrer noopener\"> who blogged about the vulnerabilities this week<\/a>.<\/p>\n<p><a href=\"https:\/\/www.sans.org\/profiles\/dr-johannes-ullrich\" target=\"_blank\" rel=\"noreferrer noopener\">Johannes Ullrich<\/a>, dean of research at the SANS Institute, said the vulnerabilities affect how n8n sandboxes the processes created by different users, and how the host is protected from users with access 
to n8n.<\/p>\n<p>\u201cThis is less of an issue for a single user system,\u201d he said in an email, \u201cbut n8n is often installed in shared environments. Given the number and severity of the vulnerabilities, it is fair to assume that this is more or less just the \u2018tip of the iceberg\u2019. At this point, multi user n8n deployments should be treated with care.\u201d<\/p>\n<p>The discovery is the second major revelation of issues in the n8n platform this year. Four weeks ago, researchers at Cyera <a href=\"https:\/\/www.csoonline.com\/article\/4113980\/critical-rce-flaw-allows-full-takeover-of-n8n-ai-workflow-platform.html\" target=\"_blank\">published details of a critical vulnerability<\/a>, after it had been patched, that would allow unauthenticated attackers to completely take over n8n deployments.<\/p>\n<p>Also last month, <a href=\"https:\/\/www.csoonline.com\/article\/4115417\/malicious-npm-packages-target-n8n-automation-platform-in-a-supply-chain-attack.html\" target=\"_blank\">it was learned that threat actors are targeting n8n<\/a> by planting malicious packages on the npm registry that claim to be legitimate n8n add-ons.<\/p>\n<p>CSOs with n8n in their environments and developers using the platform should update to the latest version of the application to close the newly-found holes.<\/p>\n<p>The vulnerabilities are:<\/p>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-21893\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-21893<\/a>, a command injection hole in the community edition of n8n. 
An unauthenticated user with administration permission could execute arbitrary system commands on the n8n host.<br \/>\u201cThe risk is amplified by the trust typically placed in community extensions,\u201d Upwind said in its commentary, \u201cmaking this a high-impact attack path that directly bridges application-level functionality with host-level execution.\u201d<br \/>It carries a CVSS vulnerability score of 9.4;<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-25049\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-25049<\/a>, which carries a CVSS score of 9.4. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.<br \/>\u201cBecause workflow expressions are a core and commonly used feature in n8n, this flaw significantly lowers the barrier to exploitation and enables full compromise of the underlying host,\u201d commented Upwind in its blog;<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-25052\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-25052<\/a>, which carries a CVSS score of 9.4. A vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance;<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-25053\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-25053<\/a>, which carries a CVSS score of 9.4. 
This is a vulnerability in the Git node that allows execution of system commands or arbitrary file access;<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-25051\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-25051<\/a>, a cross-site scripting vulnerability in the handling of webhook responses and related HTTP endpoints. It carries a CVSS score of 8.5. <br \/>Under certain conditions, the n8n Content Security Policy (CSP) sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user with permission to create or modify workflows could abuse this to execute malicious scripts with same-origin privileges when other users interact with the crafted workflow. This could lead to session hijacking and account takeover.<\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-61917\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2025-61917<\/a>, which carries a CVSS score of 7.7. This is an information disclosure vulnerability caused by unsafe buffer allocation in n8n task runners.<\/li>\n<\/ul>\n<p>During an interview, <a href=\"https:\/\/www.linkedin.com\/in\/moshe-hassan-82290a155\/\" target=\"_blank\" rel=\"noreferrer noopener\">Moshe Hassan<\/a>, Upwind\u2019s vice-president of research and innovation, estimated that 83% of his firm\u2019s customers use the n8n platform. But, he added, less than 25% use it in production and\/or may have it exposed to the web. The rest, he said, are testing it.<\/p>\n<p>However, he said those who are evaluating the platform could be at risk if the users enter identity tokens for cloud platforms such as AWS and others as part of their testing. 
And the fact that large numbers of developers are testing the latest AI-related applications makes it hard for security pros to contain the blast radius of potential vulnerabilities in IT environments, he added.<\/p>\n<p>Generally, to contain vulnerabilities, CSOs have to understand the business logic and data flow of any applications in their environments, Hassan noted. However, risk can be lowered through network segregation, he said, and in addition, engineering should be allowed to create sandboxes for thorough testing of applications before they go into production.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of the six are rated as critical, carrying CVSS severity scores of 9.4. \u201cThese vulnerabilities span multiple attack classes, from remote code execution and command injection to arbitrary file access and cross-site scripting, all targeting a platform that is frequently deployed with access to&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=15755\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15755","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15755","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15755"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15755\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}