- Joined
- Apr 5, 2011
- Messages
- 10,617
- Solutions
- 3
- Reaction score
- 31,627
- Trophies
- 6
- Age
- 48
- Location
- At my chair.
- XP
- 40,115
- Country

Attention: All Developers
n8n has released a security advisory addressing a new Expression Escape critical vulnerability in its open-source workflow automation platform, which could lead to remote code execution.
Tracked as CVE-2026-25049, this vulnerability could allow an authenticated user with permission to create or modify workflows which could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n.
In its security advisory n8n state: “Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613 -n8n security advisory.”
CVE-2026-25049 bypasses the fixes implemented for CVE-2025-68613 for which an Alpha ThreatCon Advisory was released on 23 December 2025.
Platform(s) and Version(s) Affected:






