Six CVEs in One Day: What’s Going On with n8n?
Executive Summary
In a single day, six vulnerabilities were disclosed in n8n, spanning remote code execution, command injection, arbitrary file access, and cross-site scripting.
All six issues affect authenticated functionality and repeatedly break isolation between workflows, configuration, and the underlying host.
This is not random disclosure noise; it’s a clear signal of systemic security weaknesses in how n8n handles privileged execution and input evaluation.
Six CVEs in One Day Is Not Normal
Over the past few months, we’ve seen a steady stream of vulnerabilities disclosed in n8n. One CVE here, another critical fix there. That’s expected as adoption grows.
What happened yesterday was different.
Six new n8n CVEs. One day.
Not over a quarter.
Not over a release cycle.
One day.
These vulnerabilities span multiple attack classes, from remote code execution and command injection to arbitrary file access and cross-site scripting, all targeting a platform that is frequently deployed with access to secrets, credentials, internal APIs, and business-critical logic.
At this point, the volume itself is the message.
So, What Is n8n?
n8n is a widely adopted workflow automation platform that often sits at the center of an organization’s operational and integration stack. It is used to orchestrate logic across SaaS applications, internal services, and cloud APIs, acting as an execution engine for automation workflows.
From a security perspective, this matters because n8n is designed to:
- Execute logic automatically
- Transform and route sensitive data
- Act on behalf of users without runtime human validation
Workflows frequently run with privileged API tokens, secrets, and internal access, making n8n a high-impact target when isolation fails.
Six New n8n CVEs: Breaking Them Down
CVE-2026-21893
CVSS: 9.4 (Critical)
What it is:
A command injection vulnerability in n8n’s community package installation functionality.
Impact:
Authenticated administrators can execute arbitrary system commands on the n8n host during package installation.
Fix:
Patched in n8n versions ≥ 1.120.3.
Technical Summary
This vulnerability originates in the community package installation mechanism, where user-supplied input is incorporated into system-level commands without sufficient sanitization. An authenticated administrator can abuse this flow by injecting malicious values during package installation, causing arbitrary commands to execute in the context of the n8n service.
The risk is amplified by the trust typically placed in community extensions, making this a high-impact attack path that directly bridges application-level functionality with host-level execution.
CVE-2026-25049
CVSS: 9.4 (Critical)
What it is:
A remote code execution vulnerability caused by improper sanitization of workflow expressions in n8n.
Impact:
Authenticated users with permission to create or modify workflows can execute arbitrary system commands on the n8n host.
Fix:
Patched in n8n versions 1.123.17 and 2.5.2.
Technical Summary
This vulnerability exists in the workflow expression engine, where crafted expressions are evaluated in a privileged execution context without adequate isolation. An authenticated user with workflow modification permissions can inject malicious expressions that escape the intended evaluation logic and trigger system command execution.
Because workflow expressions are a core and commonly used feature in n8n, this flaw significantly lowers the barrier to exploitation and enables full compromise of the underlying host.
CVE-2026-25051
CVSS: 8.5 (High)
What it is:
A cross-site scripting vulnerability in the handling of webhook responses and related HTTP endpoints.
Impact:
Authenticated users with workflow edit permissions can inject scripts that execute in other users’ sessions, leading to session hijacking or account takeover.
Fix:
Patched in n8n versions 1.123.2 and 1.122.5.
Technical Summary
This issue arises when Content Security Policy sandbox protections intended to isolate HTML responses are not consistently applied. Under specific conditions, attacker-controlled content returned through webhook responses can be rendered and executed in a browser context.
Rather than enabling direct code execution on the host, this vulnerability breaks trust between users and allows attackers to abuse authenticated browser sessions to escalate access or steal credentials.
CVE-2026-25052
CVSS: 9.4 (Critical)
What it is:
An arbitrary file read vulnerability caused by weak access controls on internal n8n resources.
Impact:
Authenticated users with workflow permissions can read sensitive files from the n8n host, enabling credential disclosure and follow-on compromise.
Fix:
Patched in n8n versions 1.123.18 and 2.5.0.
Technical Summary
The vulnerability stems from insufficient permission checks on internal APIs and resources exposed to authenticated users. By interacting with these components, an attacker can access files and configuration data that are not properly scoped to their privilege level.
While this issue does not directly allow code execution, the ability to retrieve secrets, credentials, and internal configuration significantly increases the likelihood of full instance takeover when combined with other flaws.
CVE-2026-25053
CVSS: 9.4 (Critical)
What it is:
A vulnerability in the Git node that allows execution of system commands or arbitrary file access.
Impact:
Authenticated users with workflow permissions can execute commands on the n8n host or read sensitive files.
Fix:
Patched in n8n versions 1.123.10 and 2.5.0.
Technical Summary
This vulnerability is rooted in unsafe execution of untrusted input within the Git node. Under certain conditions, attacker-controlled data is dynamically executed by the n8n process without sufficient validation or sandboxing.
The result is a collapse of isolation between workflow logic and the underlying operating system, allowing authenticated attackers to escalate privileges and directly impact the host environment.
CVE-2025-61917
CVSS: 7.7 (High)
What it is:
An information disclosure vulnerability caused by unsafe buffer allocation in n8n task runners.
Impact:
Authenticated users executing task runners may access uninitialized memory containing sensitive runtime data.
Fix:
Patched in n8n versions 1.114.3 and 1.115.0.
Technical Summary
This issue originates from the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow(), which can allocate memory without initialization. When exposed to untrusted code in task runners, these buffers may contain residual data from within the same Node.js process.
Although exploitation is more constrained compared to other vulnerabilities in this set, it highlights systemic weaknesses in memory handling that can compound the impact of higher-severity flaws.
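To make the Buffer.allocUnsafe() point concrete, here is an added example (not n8n's code and not from the advisory) with two defensive pieces: a zero-filling allocator to use in place of the unsafe calls, and a small source scanner that flags the two unsafe allocators during code review. The sample source it scans is constructed for the example.

```javascript
// Buffer.allocUnsafe()/allocUnsafeSlow() return memory Node does not zero, so
// whoever reads the buffer before it is fully written can see leftover bytes
// from the same process. Buffer.alloc() zero-fills; fill(0) wipes an existing one.
const SAFE_FILL = 0;

// Safe replacement for Buffer.allocUnsafe(size): always zero-filled.
function safeAlloc(size) {
  return Buffer.alloc(size, SAFE_FILL);
}

// Mitigation for code that must keep allocUnsafe for speed: wipe before use.
function wipe(buf) {
  return buf.fill(SAFE_FILL);
}

// True when every byte of buf is zero; used to verify an allocation was wiped.
function isZeroed(buf) {
  return buf.every((b) => b === 0);
}

// Review aid: find the unsafe allocators in source text.
// Returns [{ line, call }] with 1-based line numbers.
const UNSAFE_RE = /\bBuffer\.(allocUnsafe|allocUnsafeSlow)\s*\(/g;
function findUnsafeAllocs(source) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const m of text.matchAll(UNSAFE_RE)) {
      findings.push({ line: idx + 1, call: `Buffer.${m[1]}` });
    }
  });
  return findings;
}

// Constructed sample in the style of a task-runner helper; not real n8n source.
const SAMPLE_SOURCE = `
function readChunk(size) {
  const buf = Buffer.allocUnsafe(size);   // uninitialised: may hold old data
  return buf;
}
const slow = Buffer.allocUnsafeSlow(4096); // same problem, unpooled
const ok = Buffer.alloc(16);               // zero-filled, fine
`;

const REPORT = findUnsafeAllocs(SAMPLE_SOURCE);
console.log('unsafe allocations:', REPORT);
console.log('wiped allocUnsafe buffer is zeroed:', isZeroed(wipe(Buffer.allocUnsafe(32))));
```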
TL;DR: n8n CVEs at a Glance
| CVE | CVSS | Impact | Fixed Versions |
|---|---|---|---|
| CVE-2026-21893 | 9.4 | Command injection | ≥ 1.120.3 |
| CVE-2026-25049 | 9.4 | Remote code execution | 1.123.17, 2.5.2 |
| CVE-2026-25051 | 8.5 | Cross-site scripting | 1.123.2, 1.122.5 |
| CVE-2026-25052 | 9.4 | Arbitrary file access | 1.123.18, 2.5.0 |
| CVE-2026-25053 | 9.4 | RCE / file access | 1.123.10, 2.5.0 |
| CVE-2025-61917 | 7.7 | Information disclosure | 1.114.3, 1.115.0 |
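As an added triage helper (not part of the post and not an n8n tool), the following takes the version an n8n instance reports and lists which of the six CVEs in the table are still unpatched on it, using the fixed versions exactly as listed above. It assumes an instance is patched when its version is at or above the newest listed fix on its own major.minor line; where no fix is listed for that major, it falls back to the newest fix from an older major (so 2.x is treated as patched for the ≥ 1.120.3 entry), and a line older than every listed fix is treated as unpatched.

```javascript
// Fixed versions copied from the table above.
const N8N_CVES = {
  'CVE-2026-21893': ['1.120.3'],
  'CVE-2026-25049': ['1.123.17', '2.5.2'],
  'CVE-2026-25051': ['1.123.2', '1.122.5'],
  'CVE-2026-25052': ['1.123.18', '2.5.0'],
  'CVE-2026-25053': ['1.123.10', '2.5.0'],
  'CVE-2025-61917': ['1.114.3', '1.115.0'],
};

// "1.123.5" -> [1, 123, 5]; rejects anything that is not major.minor.patch.
function parseVersion(s) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(s).trim());
  if (!m) throw new Error(`unrecognised n8n version: ${s}`);
  return m.slice(1, 4).map(Number);
}

// Lexicographic compare of [major, minor, patch]: -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Assumption (see lead-in): prefer fixes on the same major; otherwise fall back
// to fixes from older majors. Among those, pick the newest fix whose major.minor
// line is at or below the running line and require version >= that fix.
function isPatched(version, fixes) {
  const v = parseVersion(version);
  const all = fixes.map(parseVersion);
  let candidates = all.filter((f) => f[0] === v[0]);
  if (candidates.length === 0) candidates = all.filter((f) => f[0] < v[0]);
  const onOrBelowLine = candidates.filter((f) => cmp([f[0], f[1], 0], [v[0], v[1], 0]) <= 0);
  if (onOrBelowLine.length === 0) return false; // older than every fix on this line
  const fix = onOrBelowLine.reduce((best, f) => (cmp(f, best) > 0 ? f : best));
  return cmp(v, fix) >= 0;
}

// CVE ids from the table that the given version has not received a fix for.
function unpatchedCves(version) {
  return Object.entries(N8N_CVES)
    .filter(([, fixes]) => !isPatched(version, fixes))
    .map(([cve]) => cve);
}

console.log('1.123.5 still exposed to:', unpatchedCves('1.123.5'));
console.log('2.5.2 still exposed to:', unpatchedCves('2.5.2'));
```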
The Bigger Picture
Individually, each of these vulnerabilities is serious. Together, they paint a much clearer picture.
Across all six CVEs, the same pattern repeats:
- Authenticated functionality is implicitly trusted
- Workflow logic bleeds into privileged execution
- Input validation failures recur across features
- Isolation boundaries collapse under real-world usage
n8n’s flexibility and power are exactly what make these issues high impact. When automation engines are allowed to directly influence execution and file access, small mistakes quickly turn into full environment compromise.
Six CVEs in one day does not just highlight bugs. It highlights where the trust model breaks down.
How Upwind Helps Customers Stay Ahead of Emerging CVEs
Upwind is built on the assumption that new vulnerabilities, especially high-impact CVEs like those recently disclosed in n8n, are inevitable. The challenge is not awareness. It is understanding whether those vulnerabilities are actually reachable and exploitable in real environments.
Upwind continuously tracks newly published CVEs and correlates them with live cloud environments, allowing teams to quickly determine whether vulnerable components are present and exposed. This removes the guesswork between disclosure and response.
Beyond static vulnerability visibility, Upwind adds runtime and configuration context. It highlights risky execution paths, overly permissive identities, sensitive secrets, and downstream access that could be abused if a vulnerability is exploited. This context is critical for understanding real blast radius, not just theoretical severity.
By combining vulnerability intelligence with runtime behavior and attack path analysis, Upwind helps organizations detect exploitation attempts earlier, prioritize remediation based on actual risk, and reduce impact before vulnerabilities are widely weaponized.
For assistance in identifying vulnerable components or to learn more about our runtime protections, reach out to [email protected].