theinfosecnews

CVE-2025-68613

CISA KEV

Published March 11, 2026 · Updated April 3, 2026

high

What This Means

# CVE-2025-68613: n8n Remote Code Execution via Workflow Expression Evaluation

n8n's workflow expression evaluator fails to properly sandbox dynamically executed code, allowing attackers to inject and execute arbitrary code through workflow expressions. An attacker with access to create or modify workflows can achieve remote code execution on the n8n instance with the privileges of the application runtime.

**Immediate actions:** Audit all workflow definitions for suspicious expressions; restrict workflow creation/modification permissions to trusted administrators; upgrade n8n to a patched version when available; isolate n8n instances from sensitive network segments and credential stores until patched.
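One way to carry out the workflow audit named in the immediate actions above, as an added example that is not part of this advisory or n8n's own code. It assumes the exported workflow JSON has a `nodes` array with `parameters`, that expressions are strings beginning with `=` that wrap code in `{{ }}`, and that the token list is a generic review heuristic, not a set of published indicators for this CVE.

```javascript
// Added example: heuristic audit of n8n workflow JSON for expressions that need manual review.
// Assumption: an expression is a string parameter that starts with "=" and embeds
// JavaScript between {{ and }}.
// Assumption: REVIEW_TOKENS is a generic heuristic for JavaScript evaluators,
// not an indicator list published for CVE-2025-68613.
const REVIEW_TOKENS = ['constructor', '__proto__', 'process', 'require',
  'globalThis', 'eval', 'Function'];
const EXPR = /\{\{([\s\S]*?)\}\}/g;

// Recursively collect every expression with its path inside a node's parameters.
function collectExpressions(value, path, out) {
  if (typeof value === 'string') {
    if (value.startsWith('=')) {
      for (const m of value.matchAll(EXPR)) out.push({ path, code: m[1].trim() });
    }
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => collectExpressions(v, `${path}[${i}]`, out));
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) {
      collectExpressions(v, path ? `${path}.${k}` : k, out);
    }
  }
  return out;
}

// Return one finding per expression that uses a review token as a whole identifier.
function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes || []) {
    for (const { path, code } of collectExpressions(node.parameters, '', [])) {
      const hits = REVIEW_TOKENS.filter(
        (t) => new RegExp(`(^|[^\\w$])${t}([^\\w$]|$)`).test(code));
      if (hits.length) findings.push({ workflow: workflow.name, node: node.name, path, hits, code });
    }
  }
  return findings;
}

// Constructed sample: one ordinary expression, one that trips the heuristic.
const SAMPLE_WORKFLOW = {
  name: 'constructed-sample',
  nodes: [
    { name: 'Set greeting',
      parameters: { value: '={{ $json.firstName + " " + $json.lastName }}' } },
    { name: 'Edit fields',
      parameters: { assignments: [{ name: 'kind', value: '={{ $json.items.constructor.name }}' }] } },
  ],
};

console.log(JSON.stringify(auditWorkflow(SAMPLE_WORKFLOW), null, 2));
```

A hit means the expression should be read by a person, not that it is malicious; expressions that assemble identifiers from string fragments will not match, so this narrows a review rather than replacing it.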

Official Description

n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.

Affected Products

| Vendor | Product |
| --- | --- |
| n8n | n8n |

Patch Status

Patch by 2026-03-25

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2025-68613.

Related Coverage

Vulnerability

CVE-2025-68613: Critical RCE Vulnerability in n8n Workflow Expression Evaluator Demands Immediate Action

CVE-2025-68613 is a remote code execution vulnerability in n8n's workflow expression evaluation engine, caused by improper control of dynamically managed code resources. Attackers with workflow creation access — including unauthenticated users on exposed instances — can execute arbitrary commands with n8n process privileges, potentially compromising credentials and all connected systems. CISA has mandated federal agency remediation by March 25, 2026; all organizations should patch immediately, restrict workflow permissions, and block external access to n8n interfaces.

CISA KEV·23d ago·3 min read