CISA adds n8n RCE flaw to list of known exploited vulnerabilities | news – Cyber Tech
March 13, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) added a remote code execution (RCE) flaw in the open-source workflow automation platform n8n to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday, requiring federal agencies to patch within two weeks.

The vulnerability, tracked as CVE-2025-68613, was first disclosed and patched in December 2025. The flaw could allow an authenticated attacker to execute arbitrary code with the same privileges as the n8n process, potentially leading to unauthorized data access, execution of system-level operations and a complete compromise of the affected instance, n8n said.

CVE-2025-68613 was given a CVSS score of 9.9 by n8n and 8.8 by the National Institute of Standards and Technology (NIST). It affects n8n versions from 0.211.0 up to, but not including, the patched versions 1.120.4, 1.121.1 and 1.122.0.

Several proof-of-concept exploits were published by SecureLayer7 shortly after the flaw's disclosure, showing how JavaScript expressions embedded in n8n workflows are evaluated server-side when the workflow runs and can reach the global "this" context, which resolves to the Node.js execution environment.

This could allow an otherwise low-privileged attacker with the ability to create or edit n8n workflows to access privileged objects and execute arbitrary system commands, SecureLayer7 said. The flaw could be exploited either through the n8n web interface or through REST API endpoints.

Censys previously reported in December that more than 100,000 n8n instances were potentially vulnerable to CVE-2025-68613. According to ShadowServer's dashboard, 24,607 n8n instances remained vulnerable to CVE-2025-68613 as of Feb. 5, 2026.
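The affected version range and the description of how workflow expressions reach the global context both translate into a triage check an operator can run before the KEV deadline. The JavaScript below is an added example written for this page, not code from n8n, SecureLayer7 or CISA. It classifies an n8n version string against the affected range the article states, and it scans an exported workflow for expressions that reference the evaluation context or Node.js internals. The version boundaries are the article's; the workflow layout it walks (a nodes array whose parameters hold expression strings that start with "=" and wrap expressions in {{ }}), the constructed sample workflow, and the list of suspicious tokens are assumptions.

```javascript
// Added example for this page (not n8n project code): triage helpers for
// CVE-2025-68613. Version boundaries come from the article; the workflow
// export layout and the suspicious-token list are assumptions.

// Affected from 0.211.0 up to, but not including, the patched releases.
const FIRST_AFFECTED = [0, 211, 0];
const FIXED = [[1, 120, 4], [1, 121, 1], [1, 122, 0]]; // ascending order

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// True when the version falls inside the affected range stated in the article.
function isAffected(version) {
  const v = parseVersion(version);
  if (cmp(v, FIRST_AFFECTED) < 0) return false;
  // A release line that received its own fix (1.120.x, 1.121.x, 1.122.x) is
  // fixed from that patch release onward.
  const sameLine = FIXED.find((f) => f[0] === v[0] && f[1] === v[1]);
  if (sameLine) return cmp(v, sameLine) < 0;
  // Any other line is affected until it reaches the lowest fixed release.
  return cmp(v, FIXED[0]) < 0;
}

// Tokens a workflow template has no ordinary reason to use. "this" is listed
// because the article reports it resolves to the Node.js execution context.
// Heuristic only: a motivated attacker can obfuscate around a token list.
const SUSPICIOUS = [
  [/\bthis\b/, 'references the evaluation context (this)'],
  [/\bconstructor\b/, 'walks the constructor chain'],
  [/\bprocess\b/, 'references process'],
  [/\brequire\b|\bimport\s*\(/, 'module loading'],
  [/\bglobalThis\b|\bglobal\b/, 'references the global object'],
  [/child_process|execSync|\bspawn\b/, 'OS command execution API'],
];

// Yield every string nested anywhere inside a parameters object, with its path.
function* walkStrings(value, path = []) {
  if (typeof value === 'string') {
    yield [path, value];
  } else if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) yield* walkStrings(value[i], [...path, String(i)]);
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) yield* walkStrings(v, [...path, k]);
  }
}

// Pull the {{ ... }} segments out of an expression parameter.
function extractExpressions(s) {
  const out = [];
  const re = /\{\{([\s\S]*?)\}\}/g;
  let m;
  while ((m = re.exec(s)) !== null) out.push(m[1].trim());
  return out;
}

// Returns one finding per expression that matches a suspicious token.
function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? []) {
    for (const [path, str] of walkStrings(node.parameters ?? {})) {
      if (!str.startsWith('=')) continue; // assumption: expression params start with "="
      for (const expression of extractExpressions(str)) {
        const hit = SUSPICIOUS.find(([re]) => re.test(expression));
        if (hit) findings.push({ node: node.name, path: path.join('.'), expression, reason: hit[1] });
      }
    }
  }
  return findings;
}

// Constructed sample export: one benign templated field, one that reaches for "this".
const SAMPLE_WORKFLOW = {
  name: 'constructed sample',
  nodes: [
    { name: 'Set', type: 'n8n-nodes-base.set',
      parameters: { values: { string: [{ name: 'greeting', value: '=Hello {{ $json.firstName }}' }] } } },
    { name: 'HTTP Request', type: 'n8n-nodes-base.httpRequest',
      parameters: { url: '=https://example.invalid/{{ this.constructor.name }}' } },
  ],
};

for (const v of ['1.119.2', '1.120.4', '1.121.0', '1.122.0']) {
  console.log(v, isAffected(v) ? 'AFFECTED' : 'not affected');
}
console.log(auditWorkflow(SAMPLE_WORKFLOW));
```

Feed auditWorkflow the parsed JSON of a workflow export (or the workflow objects returned by the REST API). A hit is a reason to review that workflow and the account that last edited it, not proof of exploitation, and because the token list is a heuristic, upgrading to a fixed release remains the actual remediation.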
Following its addition to the KEV, federal civilian executive branch (FCEB) agencies have until March 25, 2026, to remediate the flaw. The agency noted, "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise."

Several other n8n vulnerabilities have been disclosed this year, including two critical sandbox escape flaws discovered by Pillar Security, two flaws affecting the expression engine and the Python Code Node reported by JFrog, and two maximum-severity vulnerabilities enabling authenticated RCE and unauthenticated arbitrary file access, reported by researcher Théo Lelasseux and Cyera, respectively.
