15 matches found
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution...
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 CVSS score: 9.4, is the result of inadequate sanitization that bypasse...
Improper Control of Dynamically-Managed Code Resources
Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the workflow expression evaluation system. An attacker can execute arbitrary code with the privileges of the underlying process by...
CVE-2026-25049 n8n Has an Expression Escape Vulnerability Leading to RCE
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...
CVE-2026-25049
n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...
CVE-2026-1470
n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...
GHSA-5XRP-6693-JJX9 n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution
n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...
CVE-2026-1470
n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...
CVE-2026-1470
n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...
PT-2026-4918
n8n and Affected Versions n8n affected versions not specified Description n8n is affected by a critical Remote Code Execution RCE issue within its workflow Expression evaluation system. An authenticated attacker can leverage this to execute arbitrary code with the privileges of the n8n process...
CVE-2025-66916
The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...
Exploit for CVE-2025-68613
CVE-2025-68613 n8n is an open source workflow automation plat...
GHSA-V98V-FF95-F3CP n8n Vulnerable to Remote Code Execution via Expression Injection
Impact n8n contains a critical Remote Code Execution RCE vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from...
Exploit for CVE-2025-68613
CVE-2025-68613 n8n is an open source workflow automation pla...
CVE-2025-68613
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution RCE vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...