A critical vulnerability in n8n’s workflow automation platform allows authenticated attackers to break out of security sandboxes and execute arbitrary code on the underlying server. CVE-2025-68613, scored CVSS 9.9, affects n8n versions from 0.211.0 through 1.120.4 and has been actively exploited according to CISA’s Known Exploited Vulnerabilities catalogue. More than 24,700 unpatched instances remain exposed online as of early March 2026.
The vulnerability sits in n8n’s expression evaluation engine which processes JavaScript code within workflow definitions without sufficient isolation. Authenticated users, even those with minimal privileges, can inject malicious expressions that escape the intended sandbox and execute with the same privileges as the n8n process. Orca Security describes it as enabling “arbitrary code on the underlying server via expression injection” with full server compromise potential.
Attackers Need Just Basic Authentication
Unlike many workflow automation attacks that require administrative access, CVE-2025-68613 can be exploited by any authenticated user with workflow creation or editing permissions. The attack works by submitting specially crafted JavaScript expressions within workflow nodes. When n8n evaluates these expressions during workflow execution, the malicious code escapes the sandbox and gains full access to the Node.js runtime and underlying operating system.
Resecurity’s analysis shows the vulnerability “directly undermines all three pillars of the Confidentiality, Integrity and Availability (CIA) triad.” Successful exploitation grants attackers unrestricted access to API keys, OAuth tokens, database credentials and service secrets stored within n8n workflows. Because n8n typically serves as a central orchestration layer connecting internal systems and cloud services, compromise often cascades across entire organizations.
100,000 Vulnerable Instances Were Exposed at Disclosure
SOCRadar estimates more than 100,000 internet-reachable n8n instances were vulnerable when CVE-2025-68613 was disclosed in December 2025. Significant concentrations were identified in the United States, Germany, France, Brazil and Singapore. Current Shadowserver Foundation data shows more than 24,700 instances remain unpatched, with 12,300 in North America and 7,800 in Europe.
The scale matters because n8n is increasingly deployed in DevOps, customer support and fintech environments where it handles sensitive credentials and automates business-critical processes. Threat Landscape notes that organizations “relying on automation for DevOps, Customer Support and FinTech are at high risk due to the sensitive nature of the API keys” typically stored in n8n credentials.
Public proof-of-concept exploits are available and CISA’s addition to the KEV catalogue in March 2026 confirms active exploitation in the wild. The agency has ordered Federal Civilian Executive Branch agencies to patch their n8n instances by 25 March 2026.
Multiple Related Flaws Create Attack Chains
CVE-2025-68613 is part of a cluster of critical n8n vulnerabilities disclosed over recent weeks. Rapid7 identified four additional CVEs that can be chained together for more sophisticated attacks: CVE-2026-21858 (CVSS 10.0) enables unauthenticated file access, while CVE-2026-21877 (CVSS 9.9) allows remote code execution via arbitrary file write. Security researcher Valentin Lobstein published a proof-of-concept that chains CVE-2026-21858 with CVE-2025-68613 to achieve unauthenticated remote code execution.
Threat Landscape reports that CVE-2026-25049, a bypass for the original CVE-2025-68613 fix, was disclosed in February 2026. This pattern of repeated bypasses suggests the underlying architectural issues in n8n’s expression evaluation system are more fundamental than initially assessed.
Patch Now, Audit Later
Immediate patching is required. n8n versions 1.120.4, 1.121.1 and 1.122.0 contain fixes for CVE-2025-68613. For the more recent bypass CVE-2026-25049, upgrade to version 1.123.17 or 2.5.2 or higher. These patches introduce proper sandboxing controls that prevent expressions from escaping their intended execution context.
If immediate patching is not possible, restrict workflow creation and editing to a minimal trusted user group, implement network segmentation to isolate n8n instances and audit webhook configurations to ensure public-facing webhooks use proper authentication rather than “None.” Review all stored credentials and API keys for signs of unauthorized access.
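One way to carry out the webhook audit described above is to scan exported workflow JSON for webhook nodes that accept requests with no authentication. The script below is an added example, not code from n8n or from any of the cited sources; it assumes n8n’s exported workflow format (webhook nodes of type "n8n-nodes-base.webhook", an "authentication" parameter that is omitted when left at its default of "none", and a "disabled" flag on nodes), and the sample export is constructed.

```javascript
// Audit exported n8n workflows for webhook nodes that accept unauthenticated requests.
// Assumptions (not taken from the article): webhook nodes use the type below, and n8n
// leaves the "authentication" parameter out of the export when it is at its default "none".
const WEBHOOK_NODE_TYPE = "n8n-nodes-base.webhook";

// Constructed sample export: one open webhook, one header-authenticated, one non-webhook node.
const sampleWorkflow = {
  name: "inbound-leads",
  nodes: [
    { name: "Public hook", type: WEBHOOK_NODE_TYPE, typeVersion: 2,
      parameters: { path: "leads", httpMethod: "POST" } },            // no "authentication" key
    { name: "Partner hook", type: WEBHOOK_NODE_TYPE, typeVersion: 2,
      parameters: { path: "partner", authentication: "headerAuth" } },
    { name: "Old hook", type: WEBHOOK_NODE_TYPE, typeVersion: 1, disabled: true,
      parameters: { path: "legacy" } },                                // disabled: not reachable
    { name: "Set fields", type: "n8n-nodes-base.set", typeVersion: 3, parameters: {} },
  ],
};

// Return one finding per active webhook node whose authentication is "none" (or unset).
function findUnauthenticatedWebhooks(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? []) {
    if (node.type !== WEBHOOK_NODE_TYPE || node.disabled === true) continue;
    const auth = node.parameters?.authentication ?? "none";
    if (auth !== "none") continue;
    findings.push({
      workflow: workflow.name,
      node: node.name,
      path: node.parameters?.path ?? "(unset)",
      method: node.parameters?.httpMethod ?? "GET",   // n8n's default method is assumed to be GET
    });
  }
  return findings;
}

// Run the check across several exports and render a short report for the reviewer.
function auditWorkflows(workflows) {
  const findings = workflows.flatMap(findUnauthenticatedWebhooks);
  const lines = findings.map(
    (f) => `[OPEN WEBHOOK] workflow="${f.workflow}" node="${f.node}" ${f.method} /webhook/${f.path}`
  );
  return { findings, report: lines.length ? lines.join("\n") : "No unauthenticated webhooks found." };
}

console.log(auditWorkflows([sampleWorkflow]).report);
```

Feed it the JSON files from an n8n workflow export (or the `workflows` table of a database backup) and treat every reported node as one to move to header or basic authentication, or to put behind an authenticating proxy.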
The Canadian Centre for Cyber Security and multiple security firms have published indicator-of-compromise (IoC) scanners for environments that may have been breached before patching. Given the six-week window between initial exploitation and CISA’s KEV listing, assume any unpatched internet-facing n8n instance was potentially compromised.
References
- CVE-2025-68613 Critical n8n RCE & Server Compromise
- Ni8mare and N8scape Flaws Among Multiple Critical Vulnerabilities Affecting n8n
- CVE-2025-68613 Critical RCE Vulnerability Disclosed in n8n
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
- Canadian Centre for Cyber Security: AL26-001 Vulnerabilities Affecting n8n
- n8n GitHub Security Advisory: CVE-2025-68613
- CISA Known Exploited Vulnerabilities Catalogue
May 20, 2026