Critical n8n flaws discovered - here's how to stay safe
techradar.com
- New flaw in n8n (CVE-2026-25049) allows unauthenticated users to run arbitrary commands on servers
- Vulnerability risks theft of secrets (API keys, OAuth tokens) and cross-tenant data exposure
- Patch released in v2.4.0; PoC already public, making immediate updates critical despite temporary workarounds
A critical vulnerability has been found in n8n which allows threat actors to run arbitrary commands on the underlying computers.
In the second half of December 2025, n8n's developers released a patch for CVE-2025-68613, a critical Remote Code Execution (RCE) vulnerability in the workflow expression evaluation system. Now, security researchers are saying that the patch was inadequate and left exploitable holes.
These holes lead to the same result - escaping the workflow automation platform and taking over the underlying server.



