Critical Vulnerability CVE-2026-25049 Discovered in n8n Automation Software

A critical security vulnerability, CVE-2026-25049, has been identified in n8n, a workflow automation platform, allowing attackers to execute arbitrary commands on affected systems. This flaw, rated with a high severity score of 9.4, arises from inadequate data sanitization, enabling circumvention of previous security measures intended to address CVE-2025-68613, a similar issue with a severity score of 9.9 that was patched in December 2025.

The vulnerability can be exploited by users with the ability to create or modify workflows, who can insert malicious code into workflow settings to execute unauthorized commands. This issue is exacerbated by n8n's public link feature, which allows workflows to be accessed and manipulated without authentication, potentially leading to server takeover, data theft, and installation of persistent backdoors.

Security experts, including Fatih Çelik, who discovered the initial bug, emphasize that CVE-2026-25049 essentially bypasses the fix for CVE-2025-68613, allowing attackers to evade security checks. The flaw permits unauthorized access to sensitive information such as API keys, cloud services, and internal systems, and can compromise AI workflows.

The problem is partly due to discrepancies between TypeScript's compile-time checks and JavaScript's runtime behavior, allowing attackers to bypass type checks with malicious inputs. Until a software update is possible, users are advised to implement workarounds to mitigate risk.

The incident underscores the necessity of layered security measures and runtime checks for untrusted data. In addition to CVE-2026-25049, n8n has issued alerts for 11 other vulnerabilities, including five critical ones, urging users to update to the latest version for optimal protection. The platform's flexibility, while advantageous, also heightens the risk of severe system compromise from minor errors.

Stay secure — stay Wavasec. 🔐