Patch meant to close a severe expression bug fails to stop attackers with workflow access
Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes.
The vulnerabilities, collectively tracked as CVE-2026-25049, stem from weaknesses in how n8n sanitizes expressions inside workflows and could enable authenticated users to smuggle malicious code past safeguards introduced to fix CVE-2025-68613, a December 2025 vulnerability that already carried a near-perfect severity score.
The new flaws carry a CVSS rating of 9.4, though some researchers argue the real-world impact could be even worse.
n8n – an open source automation platform widely used to stitch together cloud apps, internal services, and increasingly AI-driven workflows – confirmed the issue in a security advisory published Wednesday. Maintainers warned that users with permission to create or modify workflows could craft expressions that trigger unintended command execution on the host system.
"Additional exploits in the expression evaluation of n8n have been identified ...
Copyright of this story solely belongs to theregister.co.uk.