Critical New Vulnerability in Automation Platform n8n Allows Arbitrary Command Execution

Written by: Lore Apostol, Cybersecurity Writer
Key Takeaways
  • High-Severity Flaw: A security vulnerability with a CVSS score of 9.9 has been identified in the open-source workflow automation platform n8n.
  • Command Execution Risk: The flaw permits an authenticated user to execute arbitrary system commands on the host system running the n8n instance.
  • Mitigation: Users are strongly advised to update to the latest version to patch the vulnerability.

A critical security vulnerability has been discovered in n8n, a widely used open-source workflow automation platform. The flaw could allow an authenticated attacker with valid user credentials and the permission to create or modify workflows to execute arbitrary system commands on the host system. 

Impact on Workflow Automation Security

The flaw, which has been assigned a Common Vulnerability Scoring System (CVSS) rating of 9.9 out of 10, allows for authenticated command execution on systems running n8n with the same privileges as the n8n process, the advisory said.

This critical vulnerability, tracked as CVE-2025-68668, poses a direct threat to the integrity and confidentiality of any data processed by the automation tool.

Remediation and Security Recommendations

The developers of n8n have released a patch to address the vulnerability. “A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide,” the advisory said. 

“In n8n version 1.111.0, a task-runner-based native Python implementation was introduced as an optional feature, providing a more secure isolation model.” This became the default starting with version 2.0.0.

Suggested workarounds:

Last month, another critical flaw was disclosed that is now under active exploitation – a MongoDB vulnerability that allows unauthenticated memory access.

