Critical n8n Flaws Disclosed With Exploits
Critical security flaws in the n8n workflow automation tool allow authenticated users to escape the restricted environment and seize total control of the host server.
These vulnerabilities, identified as CVE-2026-25049, enable remote code execution, giving attackers the ability to steal credentials and compromise connected cloud accounts.
Security researchers have discovered that n8n suffers from major vulnerabilities that allow users with workflow editing permissions to bypass existing security patches. While a previous flaw was addressed in late 2025, this new set of issues stems from failures in the platform's sanitization mechanisms. By exploiting these gaps, an attacker can move beyond the intended limits of the software and execute unauthorized commands directly on the server.
The impact of this exploit is severe because it grants an attacker the same level of access as a system administrator. Once the environment is breached, sensitive data such as API keys, OAuth tokens, and internal configuration files can be extracted effortlessly. This level of access effectively compromises the integrity of the entire n8n instance and any data it manages.
Furthermore, the vulnerability poses a significant risk to modern AI integrations within the platform. Researchers demonstrated that they could hijack AI-driven workflows to intercept user prompts or alter the responses generated by the system. This allows for the manipulation of automated logic and the redirection of sensitive traffic to external servers controlled by the attacker.
Because n8n is often used in multi-tenant environments, the breach of one instance can have a ripple effect. An attacker who gains access to internal cluster services may be able to pivot and access data belonging to other tenants. This makes the flaw particularly dangerous for service providers and large enterprises that host multiple separate accounts on shared infrastructure.
The ease of exploitation is one of the most concerning aspects of this discovery. Experts noted that no specialized tools or complex techniques are required to carry out the attack beyond the standard ability to create a workflow. This low barrier to entry means that any user with basic access to the platform could potentially compromise the entire host server and its connected cloud resources.
Source: Critical n8n Vulnerabilities Disclosed Along With Public Exploits




