Technical Advisory: Multiple High-Severity Vulnerabilities in n8n

Disclosed: February 2026‍

Severity:  Critical–High (CVSS 4.0: ~7.1–10.0) – Authenticated and workflow-mediated code execution, file access, and sandbox escape

Package/Component: n8n

CVEs: CVE-2026-1470 • CVE-2026-25049 • CVE-2026-25056 • CVE-2026-25053 • CVE-2026-25052 • CVE-2026-25115 • CVE-2026-0863 • CVE-2026-25055

‍

Executive Summary

What Happened:
Between January and early February 2026, eight new high-to-critical vulnerabilities were disclosed in n8n across expression evaluation, file access controls, Git, SSH, Merge nodes, and Python execution. Several bypass earlier fixes, while others expose new attack paths in commonly enabled components. Users who upgraded to n8n 2.2.2 following January guidance remain exposed.

Why It Matters:

• Business Impact: Compromise of workflow automation platforms can lead to credential theft, data exposure, and downstream system compromise.
• Technology Impact: n8n frequently sits at the intersection of APIs, secrets, CI/CD, and AI orchestration.
• Risk Amplifier: Many vulnerabilities require only authenticated workflow access, not administrative privileges.
• Adoption Factor: n8n is widely deployed as automation infrastructure, often with high trust and broad permissions.

High-Level Risks:

• Remote code execution via workflow components
• Unauthorized file system access and data exfiltration
• Credential compromise and lateral movement
• Compliance exposure due to automation-mediated data access

Immediate Actions:

1. Inventory all n8n deployments and versions
2. Upgrade to n8n 2.5.2 or higher
3. Restrict workflow creation to trusted users
4. Disable unused nodes and integrations
5. Audit workflows that interact with files, Git, SSH, or Python

Overview

These vulnerabilities are grouped together not because they share a single root cause, but because they reveal a broader pattern: workflow nodes often act as implicit trust boundaries, and flaws in their validation or execution logic can have system-level impact.

For organisations using n8n in production, particularly for AI orchestration, credential handling, or integration workflows, this represents a material risk.

Risk Analysis

1. Expanded Execution Surface
   Multiple nodes allow user-defined logic, file access, or command execution. Vulnerabilities in these areas effectively collapse sandbox boundaries.
2. Authenticated-User Risk
   Several CVEs require only workflow editor access, a role commonly granted to engineers, analysts, or automation designers rather than administrators.
3. Chained Impact Potential
   File read/write or command execution vulnerabilities can be chained with stored credentials, webhook exposure, or downstream integrations.
4. Operational Fragility
   Repeated bypasses of prior fixes indicate that “patched” is a temporary state, not a stable one.

CVE Details (Summary)

All CVEs have been published to the NVD with full technical details. Patches are available across multiple branches, but no single version prior to 2.5.2 covers the full set.

Notably:

• Some CVEs affect only 2.x because the relevant functionality (e.g. Python Code nodes) does not exist in 1.x.
• Others are patched across 1.x, 2.4.x, and 2.5.x, but at different patch levels.

This makes branch-aware remediation essential.

‍

Recommendations

1. Users on 2.2.2 or earlier 2.x: Upgrade to 2.5.2+ immediately
2. Users on 1.x: Patch to latest 1.x or plan migration (1.x EOL March 2026)
3. All users: Review node usage and workflow permissions

Severity Assessment

Overall Severity: High–Critical (CVSS 4.0 ~7.1–10.0)

Across the CVEs:

• Exploitation often requires low complexity
• Several paths lead to full code execution
• Impact extends beyond n8n itself to integrated systems

In environments where n8n orchestrates AI agents or automation pipelines, these vulnerabilities undermine assumptions about isolation, intent, and trust.

Immediate Mitigation Steps

1. Inventory and Visibility

• Identify all n8n instances and versions
• Catalogue enabled nodes and integrations
• Map credentials and downstream access

2. Access Controls

• Limit workflow creation and editing
• Separate development and production instances
• Rotate credentials if exposure is uncertain

3. Monitoring

• Watch for unexpected workflow changes
• Monitor filesystem and process activity
• Review webhook usage and authentication

4. Node Governance

• Disable unused nodes (Git, SSH, Python, etc.)
• Treat powerful nodes as privileged capabilities
• Recommended configuration:
  
  • Set N8N_RUNNERS_MODE=external for all environments where Python Code nodes or task runners are enabled.

Long-Term Recommendations

Platform Security

• Define patch SLAs for automation platforms
• Maintain node-level risk inventories
• Assume recurring vulnerability disclosure

Governance

• Treat workflow automation as infrastructure
• Assign clear ownership for upgrades and risk acceptance
• Document allowed usage patterns

Vulnerability Management

• Track advisories, not just CVEs
• Expect bypasses and incremental fixes
• Test upgrades regularly, not reactively

Framework Context

These issues align with recurring patterns in:

• OWASP LLM & Agentic Application Risks (excessive tool authority, insufficient isolation)
• MITRE ATT&CK (execution, credential access, lateral movement)
• CWE (improper input validation, sandbox escape, privilege boundaries)

Bottom Line

If you followed January guidance and upgraded to n8n 2.2.2, that remediation window has closed.

Eight new vulnerabilities disclosed since then expand the attack surface across multiple core components. n8n 2.5.2 is now the minimum safe version.

Plan for continuous patching, not one-off fixes.

Advisory Status: Updated advisory based on public CVE disclosures and vendor releases
Last Updated: February 5th, 2026

‍