
15 matches found

CISA KEV Catalog
added 2026/03/11 12:0 a.m. | 12 views

n8n Improper Control of Dynamically-Managed Code Resources Vulnerability

n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution...

9.9 CVSS | 6 AI score | 0.97875 EPSS
In wild | Exploits 29

The Hacker News
added 2026/02/05 6:16 a.m. | 19 views

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasse...

9.9 CVSS | 7.9 AI score | 0.97875 EPSS
Exploits 32

Snyk
added 2026/02/04 6:3 p.m. | 7 views

Improper Control of Dynamically-Managed Code Resources

Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the workflow expression evaluation system. An attacker can execute arbitrary code with the privileges of the underlying process by...

9.9 CVSS | 6.7 AI score | 0.97875 EPSS
Exploits 29 | References 2

Vulnrichment
added 2026/02/04 4:46 p.m. | 3 views

CVE-2026-25049 n8n Has an Expression Escape Vulnerability Leading to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

9.4 CVSS | 5.5 AI score | 0.01196 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/02/04 4:46 p.m. | 2 views

CVE-2026-25049

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

9.4 CVSS | 5.5 AI score | 0.01196 EPSS
Exploits 0 | References 4 | Affected Software 1

RedhatCVE
added 2026/01/28 3:18 p.m. | 7 views

CVE-2026-1470

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

9.9 CVSS | 6.4 AI score | 0.18071 EPSS
Exploits 2 | References 1

OSV
added 2026/01/27 3:30 p.m. | 6 views

GHSA-5XRP-6693-JJX9 n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

9.9 CVSS | 6.3 AI score | 0.18071 EPSS
Exploits 2 | References 6

OSV
added 2026/01/27 3:15 p.m. | 3 views

CVE-2026-1470

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

9.9 CVSS | 6.3 AI score
Exploits 0 | References 2

ATTACKERKB
added 2026/01/27 2:23 p.m. | 5 views

CVE-2026-1470

n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

9.9 CVSS | 6.3 AI score | 0.18071 EPSS
Exploits 2 | References 3

Positive Technologies
added 2026/01/26 12:0 a.m. | 8 views

PT-2026-4918

n8n and Affected Versions: n8n affected versions not specified. Description: n8n is affected by a critical Remote Code Execution (RCE) issue within its workflow Expression evaluation system. An authenticated attacker can leverage this to execute arbitrary code with the privileges of the n8n process...

9.9 CVSS | 9.5 AI score | 0.18071 EPSS
Exploits 2 | References 41

Cvelist
added 2026/01/08 12:0 a.m. | 20 views

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

0.00628 EPSS
Exploits 1 | References 3

GithubExploit
added 2025/12/24 1:19 p.m. | 226 views

Exploit for CVE-2025-68613

CVE-2025-68613 n8n is an open source workflow automation plat...

9.9 CVSS | 7.6 AI score | 0.97875 EPSS
Exploits 29

OSV
added 2025/12/22 4:19 p.m. | 7 views

GHSA-V98V-FF95-F3CP n8n Vulnerable to Remote Code Execution via Expression Injection

Impact: n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from...

9.9 CVSS | 8.2 AI score | 0.97875 EPSS
Exploits 29 | References 8

GithubExploit
added 2025/12/22 6:45 a.m. | 153 views

Exploit for CVE-2025-68613

CVE-2025-68613 n8n is an open source workflow automation pla...

9.9 CVSS | 7.8 AI score | 0.97875 EPSS
Exploits 29

NVD
added 2025/12/19 11:15 p.m. | 11 views

CVE-2025-68613

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...

9.9 CVSS | 0.97875 EPSS
Exploits 29 | References 6