Home > Security > Security News

Critical New Vulnerability in Automation Platform n8n Allows Arbitrary Command Execution

Published on January 6, 2026
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Laptop Spark Vulnerability
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • High-Severity Flaw: A security vulnerability with a CVSS score of 9.9 has been identified in the open-source workflow automation platform n8n.
  • Command Execution Risk: The flaw permits an authenticated user to execute arbitrary system commands on the host system running the n8n instance.
  • Mitigation: Users are strongly advised to update to the latest version to patch the vulnerability.

A critical security vulnerability has been discovered in n8n, a widely used open-source workflow automation platform. The flaw could allow an authenticated attacker with valid user credentials and the permission to create or modify workflows to execute arbitrary system commands on the host system. 

Impact on Workflow Automation Security

The flaw, which has been assigned a Common Vulnerability Scoring System (CVSS) rating of 9.9 out of 10, allows for authenticated command execution on systems running n8n using the same privileges as the n8n process, the advisory said

This critical vulnerability, tracked as CVE-2025-68668, poses a direct threat to the integrity and confidentiality of any data processed by the automation tool.

Remediation and Security Recommendations

The developers of n8n have released a patch to address the vulnerability. “A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide,” the advisory said. 

In n8n version 1.111.0, a task-runner-based native Python implementation was introduced as an optional feature, providing a more secure isolation model.” This became the default starting with version 2.0.0.

Suggested workarounds:

Last month, another critical flaw was disclosed that is now under active exploitation – a MongoDB vulnerability that allows unauthenticated memory access.

Add a Comment
Related
Commonwealth Bank in Australia Deploys Custom AI Threat Hunter
INTERPOL Warns of Escalating Global Financial Fraud Threat, with AI-Enhanced Scams Four Times More Profitable
Sophisticated Phishing Campaign Exploits Trusted Cisco Domains, Impersonates JPMorgan, Targeting European Security Vendor
EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks
AWS Bedrock Sandbox Vulnerability Allows DNS bypass, No Patch Available
Divine Skins Data Breach Exposes Data of Over 105,000 League of Legends Custom Skins Users, Anonymous Allegedly Behind It
Most Popular
Commonwealth Bank in Australia Deploys Custom AI Threat Hunter
INTERPOL Warns of Escalating Global Financial Fraud Threat, with AI-Enhanced Scams Four Times More Profitable
Sophisticated Phishing Campaign Exploits Trusted Cisco Domains, Impersonates JPMorgan, Targeting European Security Vendor
EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks
AWS Bedrock Sandbox Vulnerability Allows DNS bypass, No Patch Available
Divine Skins Data Breach Exposes Data of Over 105,000 League of Legends Custom Skins Users, Anonymous Allegedly Behind It
Commonwealth Bank in Australia Deploys Custom AI Threat Hunter
INTERPOL Warns of Escalating Global Financial Fraud Threat, with AI-Enhanced Scams Four Times More Profitable
Sophisticated Phishing Campaign Exploits Trusted Cisco Domains, Impersonates JPMorgan, Targeting European Security Vendor
EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks
AWS Bedrock Sandbox Vulnerability Allows DNS bypass, No Patch Available
Divine Skins Data Breach Exposes Data of Over 105,000 League of Legends Custom Skins Users, Anonymous Allegedly Behind It

Most Popular
Commonwealth Bank in Australia Deploys Custom AI Threat Hunter
INTERPOL Warns of Escalating Global Financial Fraud Threat, with AI-Enhanced Scams Four Times More Profitable
Sophisticated Phishing Campaign Exploits Trusted Cisco Domains, Impersonates JPMorgan, Targeting European Security Vendor
EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks
AWS Bedrock Sandbox Vulnerability Allows DNS bypass, No Patch Available
Divine Skins Data Breach Exposes Data of Over 105,000 League of Legends Custom Skins Users, Anonymous Allegedly Behind It
Commonwealth Bank in Australia Deploys Custom AI Threat Hunter
INTERPOL Warns of Escalating Global Financial Fraud Threat, with AI-Enhanced Scams Four Times More Profitable
Sophisticated Phishing Campaign Exploits Trusted Cisco Domains, Impersonates JPMorgan, Targeting European Security Vendor
EU Sanctions Iranian and Chinese Firms for Cyberattacks Against European Networks
AWS Bedrock Sandbox Vulnerability Allows DNS bypass, No Patch Available
Divine Skins Data Breach Exposes Data of Over 105,000 League of Legends Custom Skins Users, Anonymous Allegedly Behind It

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: