A newly disclosed critical security flaw in the n8n workflow automation platform could allow attackers to run system-level commands on affected servers. If exploited, the bug could lead to full server compromise.
The vulnerability is tracked as CVE-2026-25049 and has a high severity score of 9.4. It is linked to an earlier critical flaw that n8n fixed in December 2025. However, security researchers later found a way to bypass that fix.
According to n8n’s maintainers, the issue comes from weak input filtering in how workflow expressions are handled. An authenticated user who can create or edit workflows could use specially crafted code to execute commands on the server running n8n.
Security researchers explained that the flaw allows attackers to escape n8n’s built-in security sandbox. This means normal safety checks can be bypassed.
The risk becomes much higher when n8n’s webhook feature is involved. An attacker can create a workflow with a public webhook that requires no login. By adding a small piece of JavaScript, anyone on the internet could trigger the webhook and run commands remotely.
If exploited, attackers could steal passwords, API keys, cloud credentials, and sensitive data. They could also install backdoors for long-term access or take control of connected systems and AI workflows.
Security experts warned that the attack is easy to carry out. If someone has permission to create workflows, they may be able to fully take over the server.
Multiple cybersecurity firms confirmed the issue, pointing to gaps in n8n’s security checks. Users are strongly advised to strengthen cyber defense with intelligence, apply updates, and restrict workflow permissions to reduce risks
