The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched by n8n in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0. CVE-2025-68613 is the first n8n vulnerability to be placed in the KEV catalog.
“N8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution,” CISA said.
According to the maintainers of the workflow automation platform, the vulnerability could be weaponized by an authenticated attacker to execute arbitrary code with the privileges of the n8n process.
Successful exploitation of the flaw could result in a complete compromise of the instance, enabling the attacker to access sensitive data, modify workflows, or execute system-level operations.
There are currently no details on how the vulnerability is being exploited in the wild. Data from the Shadowserver Foundation shows that there are more than 24,700 unpatched instances exposed online, with more than 12,300 of them located in North America and 7,800 in Europe as of early February 2026.
The addition of CVE-2025-68613 comes as Pillar Security disclosed two critical flaws in n8n, one of which – CVE-2026-27577 (CVSS score: 9.4) – has been classified as “additional exploits” discovered in the workflow expression evaluation system following CVE-2025-68613.
Federal Civilian Executive Branch (FCEB) agencies have been ordered to patch their n8n instances by March 25, 2026, as mandated by a Binding Operational Directive (BOD 22-01) issued in November 2021.
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
