N8n is vulnerable to a maximum severity flaw that could allow an authenticated attacker to execute arbitrary code with the privileges of the n8n process. Tracked as CVE-2026-21877, the vulnerability has a CVSS score of 10. Under certain conditions, an authenticated user may cause untrusted code to be executed by the n8n service. This could … Continue reading “N8n Warns of Remote Code Execution Vulnerability (CVE-2026-21877)”
Tag: N8n
N8n Critical Arbitrary Command Execution Vulnerability (CVE-2025-68668)
A new vulnerability has been discovered in n8n, an open-source workflow automation tool. Tracked as CVE-2025-68668, the vulnerability has a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. For successful exploitation of the vulnerability, an attacker must be authenticated and have permission to create or modify workflows.