CVE-2026-25049: n8n Expression Sandbox Escape Enables RCE
n8n is widely used to automate business workflows, which also means it often sits close to credentials, internal APIs, and sensitive data. A newly patched vulnerability, CVE-2026-25049, shows how risky that can become when restricted workflow expressions can be turned into system-level execution.
Multiple technical write-ups now document working exploitation patterns, so defenders should assume low effort for attackers and prioritize patching. Here’s what you need to know about CVE-2026-25049.
What Is CVE-2026-25049 in n8n?
CVE-2026-25049 (CVSSv4 9.4) is an expression sandbox escape in n8n that can allow authenticated users to execute system commands on the underlying host. Even though the bug lives in “expressions,” the impact is often much bigger in real environments because n8n instances frequently have access to:
- Stored credentials (API keys, OAuth tokens)
- Internal services reachable from the automation host
- Webhook-triggered workflows that can be activated and repeatedly invoked
Details of CVE-2026-25049 (SOCRadar Vulnerability Intelligence)
Stay ahead of emerging exploitation with SOCRadar Cyber Threat Intelligence, which continuously tracks new CVEs, public PoCs, and attacker chatter, helping teams detect real-world risk before vulnerabilities are actively abused.
How the Flaw Relates to CVE-2025-68613
n8n and researchers describe CVE-2026-25049 as a set of additional exploits discovered after, and effectively bypassing, the fix for the earlier expression RCE advisory, CVE-2025-68613. In other words, it covers follow-on escape techniques that still worked despite the earlier fixes, which is a key reason defenders should treat expression sandboxing as a high-risk area and keep versions current.
Which n8n Versions Are Affected?
Based on the GitHub advisory:
- All versions < 1.123.17 are affected.
- 2.x is affected from 2.0.0 up to (but not including) 2.5.2.
What Preconditions Does an Attacker Need?
This is primarily a post-auth issue:
- The attacker must be authenticated and have permission to create or modify workflows, because the payload is embedded in crafted expressions within workflow parameters.
Why that can still become remotely triggerable in practice:
- If a malicious workflow includes a public webhook (no auth) and is activated, the attacker may only need one privileged action (plant the payload). After that, anyone who can reach the webhook can repeatedly trigger the workflow execution path.
How Does Exploitation Work for CVE-2026-25049?
At a high level, exploitation involves bypassing n8n’s expression restrictions to regain access to powerful JavaScript/Node.js primitives (and ultimately system command execution).
Public research highlights multiple paths, including:
- Type confusion / runtime coercion: sanitization that assumes property keys are strings can be bypassed when runtime values don’t match the TypeScript type expectations.
- Alternate “equivalent operations” that avoid AST-based deny patterns and still reach dangerous constructors and globals.
- Constructor/Function-style escalation patterns shown in technical write-ups (often demonstrated through webhook-triggered workflows).
The key operational takeaway: there isn’t just one fragile payload; there are multiple documented approaches, which tends to reduce attacker effort and increase opportunistic probing.
Is CVE-2026-25049 Being Exploited in the Wild?
Public reporting has not confirmed in-the-wild exploitation. That said, defenders shouldn’t treat this fact as a comfort signal when technical exploitation guidance is already broadly available.
What Should Defenders Do Right Now?
Patching is the most important control for this class of issue:
- Upgrade to n8n 1.123.17+ (1.x line), or
- Upgrade to n8n 2.5.2+ (2.x line), or
- If you must remain on the 2.4 branch, upgrade to 2.4.5+.
If you can’t patch immediately, the following steps reduce risk, but they do not fully mitigate a sandbox escape:
- Restrict workflow creation/editing permissions to fully trusted users only.
- Harden the runtime: least-privilege OS permissions and tight network egress/east-west controls.
Because the potential impact includes host compromise and credential access:
- Review workflows for suspicious or unusual expression patterns.
- Rotate secrets accessible to n8n (including the encryption key and stored credentials) and validate downstream access logs where possible.
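As an added example of the workflow review recommended above (not code from this post or from n8n), this Python script walks an exported workflow's node parameters, pulls the `{{ }}` bodies out of strings using n8n's `=` expression prefix, and flags the runtime primitives and computed property access described in the exploitation section; it also reports whether the workflow is active behind an unauthenticated webhook, the precondition that makes a planted payload triggerable by anyone. It assumes n8n's export layout (`active`, `nodes[].parameters`) and the Webhook node's type name and `authentication` parameter; the indicator list is a constructed review heuristic, not n8n's own sanitizer.

```python
import json
import re

# Constructed review indicators (not n8n's sanitizer): runtime primitives
# that ordinary workflow expressions never need to reference.
PRIMITIVES = re.compile(
    r"\b(constructor|Function|process|require|globalThis|eval|prototype|import)\b|__proto__")
EXPR = re.compile(r"\{\{(.*?)\}\}", re.S)
# obj["name"], obj['name'] and obj[0] are ordinary; anything else between
# brackets (obj[key], obj["con" + "structor"]) is computed access worth a look.
LITERAL_INDEX = re.compile(r"""\s*("[^"]*"|'[^']*'|\d+)\s*""")

def iter_expressions(value, path):
    # Yield (path, body) for every {{ }} block in an n8n expression string ('=' prefix).
    if isinstance(value, dict):
        for k, v in value.items():
            yield from iter_expressions(v, f"{path}.{k}")
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from iter_expressions(v, f"{path}[{i}]")
    elif isinstance(value, str) and value.startswith("="):
        for m in EXPR.finditer(value):
            yield path, m.group(1).strip()

def expression_reasons(body):
    reasons = []
    if PRIMITIVES.search(body):
        reasons.append("references a JS/Node.js runtime primitive")
    if any(not LITERAL_INDEX.fullmatch(i) for i in re.findall(r"\[([^\]]*)\]", body)):
        reasons.append("computed or concatenated property access")
    return reasons

def review_workflow(workflow_json):
    wf = json.loads(workflow_json)
    findings = []
    for node in wf.get("nodes", []):
        for path, body in iter_expressions(node.get("parameters", {}), node.get("name", "?")):
            if reasons := expression_reasons(body):
                findings.append({"path": path, "expression": body, "reasons": reasons})
    # Assumes the Webhook node's type name and its 'authentication' parameter (default none).
    open_hook = any(n.get("type") == "n8n-nodes-base.webhook"
                    and n.get("parameters", {}).get("authentication", "none") == "none"
                    for n in wf.get("nodes", []))
    return {"findings": findings, "active_open_webhook": bool(wf.get("active")) and open_hook}

# Constructed sample export: an unauthenticated webhook feeding a Set node with three expressions.
SAMPLE = json.dumps({"active": True, "nodes": [
    {"name": "Webhook", "type": "n8n-nodes-base.webhook", "parameters": {"path": "hook"}},
    {"name": "Set", "type": "n8n-nodes-base.set", "parameters": {"values": [
        {"value": "={{ $json.body.name }}"}, {"value": "={{ $json.constructor }}"},
        {"value": '={{ $json["con" + "structor"] }}'}]}}]})
```

A pattern scan like this is a review aid, not a mitigation: the type-coercion and equivalent-operation bypasses described above are exactly what string matching misses, which is why patching remains the primary control.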
SOCRadar’s Attack Surface Management, Company Vulnerabilities
Critical flaws like CVE-2026-25049 can enable exposed automation platforms to quickly become attacker footholds. SOCRadar Attack Surface Management (ASM) helps your security team to continuously identify internet-exposed services, risky configurations, and forgotten assets, so vulnerabilities are addressed before adversaries discover and exploit them.