CISA Alert: n8n RCE Bug Exploited, 24,700 Instances Exposed

Article At A Glance

  • CVE-2025-68613 is a critical remote code execution flaw in n8n with a CVSS score between 9.9 and 10.0 — and it is being actively exploited in the wild right now.
  • CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on March 11, 2026, making it the first n8n flaw ever listed in the catalog.
  • Over 24,700 n8n instances remain exposed, with federal agencies given a hard deadline of March 25, 2026 to patch — keep reading to find out if your setup is at risk.
  • A second critical flaw, CVE-2026-27577 (CVSS 9.4), was also disclosed around the same time, compounding the threat for unpatched users.
  • Patches were released in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0 — if you haven’t updated yet, your system may already be compromised.

One of the most widely used workflow automation tools just became one of the most dangerous unpatched systems on the internet.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability in n8n to its Known Exploited Vulnerabilities catalog on March 11, 2026, confirming what security researchers had feared — this flaw is being actively weaponized. With tens of thousands of instances still exposed, the window to act is closing fast. Cybersecurity teams tracking these threats can find ongoing threat intelligence and analysis through resources like The Hacker News, which has been covering the n8n situation closely as it develops.

CISA Just Added n8n to Its Most Dangerous Vulnerabilities List

When CISA adds something to its KEV catalog, it is not a theoretical warning — it means real attackers are actively exploiting that vulnerability against real targets. The n8n flaw tracked as CVE-2025-68613 earned that designation on March 11, 2026, and the implications are serious for any organization running n8n in their stack.

CVE-2025-68613 Carries a Near-Perfect CVSS Score of 9.9–10.0

Different scoring sources place CVE-2025-68613 at either a 9.9 or a perfect 10.0 on the CVSS scale. Either way, this sits at the absolute top of the severity spectrum. The vulnerability exists in n8n’s workflow expression evaluation system, where improper control of dynamically managed code resources allows an attacker to inject expressions that execute arbitrary code on the host system.

What makes this especially alarming is the attack surface. n8n workflows often have broad access to internal systems, APIs, databases, and credentials — meaning code execution inside n8n can rapidly escalate into full infrastructure compromise. This is not a sandboxed environment. Code runs with the privileges of the n8n process itself.

This Is the First n8n Vulnerability Ever Added to the KEV Catalog

n8n has never appeared in CISA’s KEV catalog before. This is a first — and it signals a shift in attacker interest toward automation and workflow platforms as high-value targets. As organizations increasingly rely on tools like n8n to connect sensitive systems and automate critical processes, these platforms have become prime targets for threat actors looking for privileged access with minimal effort.

CISA’s official statement on CVE-2025-68613:
“N8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.”

The fact that this is n8n’s debut in the KEV catalog does not mean the platform has been historically secure — it means attackers have now found a flaw worth exploiting at scale, and they are doing exactly that.

Federal Agencies Have Until March 25, 2026 to Patch

CISA’s KEV listing came with a binding operational directive for federal agencies — patch CVE-2025-68613 by March 25, 2026. That is a two-week window from the date of the alert, which is tight by any standard. For private sector organizations, the deadline is not legally binding, but the urgency is identical. Active exploitation means every day without a patch is a day of open exposure.

What Is n8n and Why Should You Care

If n8n is not already in your organization’s software inventory, there is a good chance it is running somewhere you have not checked. It is the kind of tool that developers and operations teams adopt quickly because it solves real problems fast.

n8n Is a Workflow Automation Tool Used Across Businesses and Government

n8n is an open-source, node-based workflow automation platform that allows users to connect applications, APIs, and services through visual workflows — no deep coding required. It is available as a self-hosted solution or as a cloud service, and it has built a large user base across startups, enterprises, and public sector organizations. According to npm statistics, the n8n package receives approximately 57,000 downloads per week, reflecting its deep penetration across development and operations environments.

Why Workflow Automation Tools Are High-Value Targets for Attackers

Workflow automation tools sit at the center of an organization’s data flows. They hold API keys, database credentials, webhook secrets, and authentication tokens. They trigger actions across dozens of connected systems. Compromising a workflow automation platform does not just give an attacker a foothold — it gives them a map of your entire operation and the keys to execute actions across it.

That is precisely why CVE-2025-68613 is so dangerous. This is not a vulnerability in an isolated application. It is a vulnerability in the connective tissue of modern infrastructure.

What CVE-2025-68613 Actually Does

Understanding the mechanics of this flaw is critical for assessing your exposure and explaining the risk to leadership. This is not a vague “remote code execution vulnerability” — the attack path is specific and well-documented.

Expression Injection in the Workflow Evaluation System Enables RCE

n8n allows users to write dynamic expressions inside workflows — small pieces of logic that reference data, transform values, and control flow. The vulnerability exists because n8n’s expression evaluation system does not properly control how dynamically managed code resources are handled. An attacker who can craft a malicious expression and have it evaluated by the system can break out of the intended execution context and run arbitrary code on the underlying host.

An Authenticated Attacker Can Execute Code With n8n Process Privileges

The attack requires authentication, which might sound reassuring — but it should not be. In any organization where n8n is deployed, there are likely multiple users with workflow creation or editing access. A single compromised account, a phishing victim, or a malicious insider is all it takes. Once authenticated, the attacker does not need elevated permissions to trigger the vulnerability. Standard workflow editing access is enough.

When the malicious expression executes, it runs with the full privileges of the n8n process on the host system. Depending on how n8n is deployed, that could mean root-level access, access to mounted file systems, access to environment variables containing secrets, or the ability to make outbound network connections to attacker-controlled infrastructure. The blast radius is entirely dependent on how n8n was configured — and most deployments are not hardened.

Full System Compromise, Data Theft, and Workflow Tampering Are All Possible

Once an attacker has code execution inside the n8n process, the attack scenarios multiply quickly. They can exfiltrate stored credentials and API keys embedded in workflows, tamper with existing automations to redirect data or trigger unauthorized actions, establish persistent backdoors on the host, or use n8n’s existing integrations as a launchpad to pivot deeper into connected systems. What starts as a single expression injection can become a full organizational breach.

24,700 Exposed Instances and a Second Critical Flaw

The patch for CVE-2025-68613 dropped in December 2025. Three months later, more than 24,700 n8n instances are still reachable from the public internet without protection. That number represents a massive attack surface — and active exploitation is already confirmed.

The exposure problem did not appear overnight. Security researchers had been tracking the vulnerable instance count since the patch was first released, watching it decrease far too slowly. The combination of a near-perfect CVSS score, confirmed active exploitation, and tens of thousands of unpatched public-facing instances makes this one of the most urgent patching situations in recent memory for the automation and DevOps community.

Censys Tracked Over 103,000 Potentially Vulnerable Instances in December 2025

When the vulnerability was first disclosed in December 2025, internet scanning platform Censys identified over 103,000 potentially vulnerable n8n instances exposed to the internet. That number has since declined, but not nearly enough. As of CISA’s March 2026 alert, approximately 24,700 instances remain exposed — meaning the majority of organizations still have not applied a patch that has been available for months.

The gap between patch availability and actual patch adoption is one of the most persistent problems in cybersecurity, and this situation illustrates it starkly. Over 103,000 known exposed instances at disclosure. A patch available since December 2025. And still nearly 25,000 unprotected systems online when CISA was forced to issue a formal alert about active exploitation.

  • December 2025: CVE-2025-68613 patched in versions 1.120.4, 1.121.1, and 1.122.0
  • December 2025: Censys identifies 103,000+ potentially vulnerable instances exposed online
  • March 11, 2026: CISA adds CVE-2025-68613 to the Known Exploited Vulnerabilities catalog
  • March 11, 2026: Pillar Security discloses a second critical flaw, CVE-2026-27577
  • March 12, 2026: Reports confirm 24,700 instances still remain publicly exposed
  • March 25, 2026: CISA deadline for federal agencies to patch

Every instance still running a vulnerable version of n8n is a potential entry point for attackers who are confirmed to already be scanning and exploiting this flaw at scale.

CVE-2026-27577 Is a Related Exploit With a CVSS Score of 9.4

Just as the CVE-2025-68613 situation was reaching peak urgency, security firm Pillar Security disclosed a second critical vulnerability in n8n — CVE-2026-27577, carrying a CVSS score of 9.4. This flaw was classified as representing “additional exploits” discovered in n8n’s workflow expression evaluation system following the original CVE-2025-68613 discovery. Two critical flaws in the same component, disclosed within months of each other, signal that this area of n8n’s codebase deserves deep scrutiny from both defenders and the n8n development team.

Most Exposed Instances Are Located in the U.S., Germany, and France

Geographic exposure data shows that the bulk of publicly accessible n8n instances are concentrated in three countries: the United States, Germany, and France. This aligns with n8n’s strongest user bases in North America and Europe, where the platform has seen the highest adoption rates among technology companies, digital agencies, and enterprise automation teams.

For security teams operating in these regions, the geographic concentration is not just a statistic — it directly increases the probability that your organization or your clients are running an exposed instance. The attack surface is densest precisely where n8n is most popular.

Which Versions Are Affected and What Was Patched

Any n8n instance running a version prior to 1.120.4 is vulnerable to CVE-2025-68613. The patches were released in December 2025 across three version branches:

Patched Version             Release Timeline   Status
1.120.4                     December 2025      ✅ Patched
1.121.1                     December 2025      ✅ Patched
1.122.0                     December 2025      ✅ Patched
All versions below 1.120.4  Prior releases     ❌ Vulnerable

If you are running n8n in a self-hosted environment, check your current version immediately. Cloud-hosted n8n instances managed directly by n8n’s team should already reflect the patch, but verification is still recommended to confirm your environment is not running a pinned or legacy version.

How to Fix This Right Now

Patching CVE-2025-68613 is straightforward, but patching alone is not enough. The broader configuration and access controls around your n8n deployment need attention. Here is the complete remediation approach, in priority order.

1. Upgrade to n8n Version 1.120.4, 1.121.1, or 1.122.0 Immediately

This is the non-negotiable first step. Pull the latest patched version from the official n8n repository and deploy it to all instances in your environment — development, staging, and production. Do not assume your cloud provider or platform has handled this automatically. Verify the running version directly. If you are using Docker, update your image tag and redeploy. If you are running n8n via npm, execute npm update n8n and confirm the installed version reflects one of the three patched releases.

2. Restrict Workflow Creation and Editing to Fully Trusted Users Only

Because CVE-2025-68613 requires authentication, tightening access controls is a critical secondary defense. Audit every user account in your n8n instance right now. Remove workflow editing permissions from any account that does not absolutely require it. Implement role-based access control so that the ability to create or modify workflows — particularly those that use dynamic expressions — is limited to a minimal set of verified, trusted users. Least privilege is not optional here; it is the difference between a contained incident and a full breach.

3. Run n8n in a Hardened Environment With Restricted OS and Network Access

Even a fully patched n8n instance should not be sitting exposed on the public internet without defensive layers around it. Deploy n8n behind a reverse proxy or VPN and restrict direct internet access to the service entirely if your use case allows it. Run n8n inside a container with a read-only file system where possible, limit outbound network connections to only the destinations your workflows actually require, and ensure the n8n process runs as a low-privilege user — never as root. Environment variables containing secrets should be injected at runtime rather than hardcoded into workflow configurations.

4. Review CISA’s KEV Catalog for Any Other Vulnerabilities in Your Stack

The n8n situation is a reminder that the KEV catalog exists precisely for moments like this. CISA’s Known Exploited Vulnerabilities catalog is a continuously updated list of flaws confirmed to be actively exploited in the wild, and cross-referencing your full software inventory against it should be a regular practice — not a reactive one. Every tool in your automation and integration stack, not just n8n, deserves the same scrutiny. Workflow platforms, API gateways, integration middleware, and automation engines are all high-value targets that attackers are increasingly focused on.
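Steps 1 and 4 above both come down to the same two questions for every host: is the running n8n build one of the fix releases, and which KEV entries apply to it. The script below is an added example, not code from the article, from n8n or from CISA. It classifies version strings as they are actually collected (the output of n8n --version, or a Docker image tag such as n8nio/n8n:1.118.0) against the three fix releases the article names, and cross-references a constructed inventory against a constructed record shaped like CISA's KEV JSON feed. One assumption is ours: each fix release is taken to patch its own minor branch, so a 1.121.0 build is reported as unpatched even though it is numerically newer than 1.120.4. Host names, the inventory and the second product entry are constructed.

```python
"""Added triage helper (not n8n's or CISA's code): classify n8n versions
against the fix releases named in the alert (1.120.4, 1.121.1, 1.122.0) and
cross-reference a software inventory against records shaped like CISA's KEV
JSON feed. The inventory and the KEV record below are constructed samples."""
import re
from datetime import date

# Fix releases from the alert. Assumption (ours): each fix release patches its
# own minor branch, so 1.121.0 counts as unpatched although it is newer than
# 1.120.4; every branch from 1.122 onward starts patched.
FIX_BY_BRANCH = {(1, 120): (1, 120, 4), (1, 121): (1, 121, 1)}
FIX_FLOOR = (1, 122, 0)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull MAJOR.MINOR.PATCH out of `n8n --version` output or an image tag
    such as n8nio/n8n:1.118.0; returns None when no version is present."""
    m = VERSION_RE.search(text or "")
    return tuple(int(x) for x in m.groups()) if m else None


def is_patched(version):
    """True if the version carries the CVE-2025-68613 fix."""
    v = parse_version(version) if isinstance(version, str) else version
    if v is None:
        return False  # unknown version: treat as unpatched until verified
    branch = v[:2]
    if branch in FIX_BY_BRANCH:
        return v >= FIX_BY_BRANCH[branch]
    return v >= FIX_FLOOR


# Constructed record in the shape of the KEV feed's "vulnerabilities" array
# (field names are the feed's; the values are the ones the alert states).
KEV_SAMPLE = {"vulnerabilities": [{
    "cveID": "CVE-2025-68613",
    "vendorProject": "n8n",
    "product": "n8n",
    "dateAdded": "2026-03-11",
    "dueDate": "2026-03-25",
}]}

# Constructed inventory: host, product, and the raw version evidence collected.
INVENTORY = [
    {"host": "ci-runner-01", "product": "n8n", "version": "n8n --version\n1.118.2"},
    {"host": "ops-automation", "product": "n8n", "version": "n8nio/n8n:1.121.0"},
    {"host": "staging-n8n", "product": "n8n", "version": "1.122.0"},
    {"host": "wiki", "product": "mediawiki", "version": "1.41.0"},
]


def triage(inventory, kev, today):
    """One finding per inventory item whose product has a KEV record: whether
    the build is patched and how many days remain to the KEV due date.
    `today` is an ISO date string such as "2026-03-12"."""
    by_product = {e["product"].lower(): e for e in kev["vulnerabilities"]}
    now = date.fromisoformat(today)
    findings = []
    for item in inventory:
        entry = by_product.get(item["product"].lower())
        if entry is None:
            continue  # product not in KEV: out of scope for this pass
        due = date.fromisoformat(entry["dueDate"])
        findings.append({
            "host": item["host"],
            "cve": entry["cveID"],
            "patched": is_patched(item["version"]),
            "days_to_due": (due - now).days,
        })
    return findings


def unpatched_hosts(findings):
    """Sorted host names that still need the upgrade."""
    return sorted(f["host"] for f in findings if not f["patched"])


if __name__ == "__main__":
    for f in triage(INVENTORY, KEV_SAMPLE, "2026-03-12"):
        status = "patched" if f["patched"] else "UNPATCHED"
        print(f"{f['host']}: {f['cve']} {status}, {f['days_to_due']} days to due date")
```

Feeding the script the real feed instead of KEV_SAMPLE is a matter of loading the downloaded JSON with json.load and passing it as kev; the top-level "vulnerabilities" array and the cveID, product and dueDate fields are the feed's own. Unknown or unparseable versions are deliberately reported as unpatched, since the article's point is that an unverified build is an assumption, not a finding.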

Unpatched n8n Instances Are an Open Door for Attackers

Three months passed between the availability of the patch and CISA’s formal alert about active exploitation. That gap tells you everything you need to know about the real-world patching behavior of organizations running n8n at scale. With 24,700 instances still publicly exposed as of March 2026, and a confirmed exploitation pattern already in motion, every day without action is a calculated risk — one that attackers are actively betting against you. If you manage n8n in any capacity, the time to act was December 2025. The next best time is right now.

Frequently Asked Questions

Quick Reference: CVE-2025-68613 at a Glance
CVE ID: CVE-2025-68613
CVSS Score: 9.9 – 10.0 (Critical)
Vulnerability Type: Expression Injection → Remote Code Execution
Affected Component: n8n Workflow Expression Evaluation System
Patch Available: Yes — Versions 1.120.4, 1.121.1, 1.122.0 (December 2025)
CISA KEV Added: March 11, 2026
Federal Patch Deadline: March 25, 2026
Active Exploitation Confirmed: Yes

The questions below address the most critical points security teams and system administrators need clarity on when responding to this threat. If you are triaging this situation right now, start with the patching FAQ and work outward from there.

One important nuance that often gets lost in the noise around critical CVEs is the difference between a vulnerability being disclosed and being actively exploited. CVE-2025-68613 crossed that threshold — it is confirmed exploited, not just theoretically dangerous. That distinction is what drove CISA to act and what should drive your response.

The second flaw, CVE-2026-27577, adds another layer of urgency. It was disclosed by Pillar Security at nearly the same time CISA issued its alert, and it targets the same expression evaluation system. Organizations that patch CVE-2025-68613 but fail to track CVE-2026-27577 may still be leaving a critical door open.

If your organization has a formal vulnerability management program, both of these CVEs should be escalated to your highest priority tier immediately. If you do not have a formal program, use this incident as the forcing function to build one — starting with regular KEV catalog reviews as a baseline practice.

What Is CVE-2025-68613 and Why Is It Dangerous?

CVE-2025-68613 is a critical remote code execution vulnerability in n8n’s workflow expression evaluation system. It carries a CVSS score of 9.9 to 10.0 and allows an authenticated attacker to inject malicious expressions that execute arbitrary code with the privileges of the n8n process. Because n8n typically holds API keys, credentials, and direct connections to sensitive internal systems, successful exploitation can rapidly escalate into full infrastructure compromise — making this one of the most dangerous vulnerabilities disclosed in the automation platform space.

Has CVE-2025-68613 Been Actively Exploited in the Wild?

Yes. CISA’s addition of CVE-2025-68613 to the Known Exploited Vulnerabilities catalog on March 11, 2026 confirms active exploitation. CISA only adds vulnerabilities to the KEV catalog when there is concrete evidence that threat actors are using a flaw in real attacks against real targets. This is not a theoretical risk or a proof-of-concept scenario — exploitation is happening right now, and 24,700 publicly exposed instances remain at risk as of the CISA alert date.

What n8n Versions Fix the CVE-2025-68613 Vulnerability?

The vulnerability was patched in December 2025 across three version releases: 1.120.4, 1.121.1, and 1.122.0. Any n8n instance running a version below 1.120.4 is vulnerable and should be updated immediately. To check your current version, run n8n --version from the command line or inspect your Docker image tag. Do not rely on assumptions about auto-updates — verify the running version directly in each environment where n8n is deployed.

What Should I Do If I Cannot Patch n8n Immediately?

If an immediate upgrade is not possible due to operational constraints, apply compensating controls as quickly as possible. First, remove workflow creation and editing access from all non-essential users. Second, isolate the n8n instance from the public internet by placing it behind a VPN or restricting access to trusted IP ranges only. Third, increase monitoring on the n8n host for unusual process execution, outbound network connections, or file system changes that could indicate active exploitation.

These measures reduce your exposure but do not eliminate it. A compensating control strategy is a temporary bridge, not a substitute for patching. Set a hard internal deadline — no more than 72 hours — to complete the upgrade. Document the compensating controls and the rationale for the delay if your organization requires change management approval, and escalate the urgency to leadership with reference to CISA’s KEV listing and confirmed active exploitation as justification for emergency change procedures.
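The third compensating control above, monitoring the host for unusual process execution and outbound connections, is easier to act on as concrete logic. The following is an added example, not code from the article or from n8n. It scans a handful of constructed process-execution and connection events (the key=value format is our own, not that of any particular audit tool) and raises an alert when the n8n process spawns a shell or another interpreter, or when it connects to a destination outside the egress allowlist that the hardening step recommends maintaining. The allowlist entries, the command-line marker used to recognise the n8n process, and all event values are assumptions.

```python
"""Added host-monitoring example (not n8n's code): flag an n8n process that
spawns a shell or interpreter, and outbound connections from it that fall
outside the workflow egress allowlist. Event format and values are constructed."""
import re

# Assumption: the n8n process is a node process whose command line contains "n8n".
N8N_CMD_MARKER = "n8n"

# Child binaries a workflow engine has no ordinary reason to launch directly.
SUSPICIOUS_CHILDREN = {"sh", "bash", "dash", "zsh", "python3", "perl", "curl", "wget", "nc"}

# Assumption: the only destinations the deployed workflows legitimately need.
EGRESS_ALLOWLIST = {"api.example.com", "hooks.slack.com", "10.0.5.20"}

# key=value pairs; a quoted value may contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Turn one event line into a dict, stripping quotes from quoted values."""
    return {key: val.strip('"') for key, val in KV_RE.findall(line)}


def check_event(ev):
    """Return an alert string for a suspicious event, or None."""
    if ev.get("type") == "exec":
        if (N8N_CMD_MARKER in ev.get("parent_cmd", "")
                and ev.get("child_comm") in SUSPICIOUS_CHILDREN):
            return (f"{ev['ts']} n8n process spawned {ev['child_comm']} "
                    f"(pid {ev.get('child_pid')})")
    elif ev.get("type") == "connect":
        if N8N_CMD_MARKER in ev.get("proc_cmd", ""):
            dst = ev.get("dst", "")
            host = dst.rsplit(":", 1)[0]  # drop the port
            if host not in EGRESS_ALLOWLIST:
                return f"{ev['ts']} n8n process connected to non-allowlisted destination {dst}"
    return None


def scan(lines):
    """Alerts for every suspicious event in `lines`, in input order."""
    return [alert for alert in (check_event(parse_event(ln)) for ln in lines) if alert]


# Constructed sample: two benign events, two that should alert, and one
# shell spawn by cron that must not be attributed to n8n.
N8N_BIN = "node /usr/local/lib/node_modules/n8n/bin/n8n"
SAMPLE_EVENTS = [
    f'ts=2026-03-12T09:14:02Z type=exec parent_cmd="{N8N_BIN}" child_comm=node child_pid=4412',
    f'ts=2026-03-12T09:14:05Z type=connect proc_cmd="{N8N_BIN}" dst=hooks.slack.com:443',
    f'ts=2026-03-12T09:15:31Z type=exec parent_cmd="{N8N_BIN}" child_comm=sh child_pid=4480',
    f'ts=2026-03-12T09:15:33Z type=connect proc_cmd="{N8N_BIN}" dst=203.0.113.45:443',
    'ts=2026-03-12T09:16:00Z type=exec parent_cmd="/usr/sbin/cron" child_comm=sh child_pid=4501',
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

The two rules are deliberately narrow: they key on the parent or owning process being n8n, so a shell launched by cron or an administrator's session does not trip them, and the egress rule compares the host part only so that a legitimate destination on an unexpected port still surfaces in review of the connection itself rather than being hidden. If your workflows legitimately use n8n's Execute Command node, expect the exec rule to fire on those runs and tune the allowlist of children accordingly rather than disabling the rule.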

Does This Vulnerability Affect Self-Hosted and Cloud n8n Instances?

CVE-2025-68613 primarily affects self-hosted n8n deployments where the instance version is controlled by the deploying organization. If you are running n8n on your own infrastructure — whether on bare metal, a VM, or in a container — and you have not updated to one of the patched versions, you are vulnerable.

For cloud-hosted n8n instances managed directly through n8n’s official cloud platform, the vendor is responsible for applying patches. However, even cloud users should verify with n8n directly that their environment reflects the patched version, particularly if they are running any custom or legacy configurations. Do not assume managed means protected without explicit confirmation.

The second vulnerability, CVE-2026-27577, affects the same expression evaluation component and should be evaluated against your deployment in parallel. Treat both CVEs as part of a single remediation effort — patching one without addressing the other still leaves critical exposure in the same attack surface that threat actors are already actively targeting.
