Critical n8n RCE Risks Discovered Along With Public Exploits

n8n or “n‑eight‑n” has become one of the most popular workflow automation platforms for technical teams, especially among developers, DevOps engineers, and low‑code practitioners. It runs as self‑hosted, Docker‑based, or cloud instances and ties together APIs, databases, cloud services, and internal tools into reusable “workflows.” However, in the early months of 2026, security researchers uncovered several critical remote code execution (RCE) vulnerabilities that have turned n8n into a serious target for attackers, complete with working public exploits and high‑profile patches.
What makes n8n such a juicy target?
What makes an RCE in n8n particularly dangerous is not just the bug itself, but where n8n usually sits in an organization’s ecosystem. The platform typically holds:
- Stored API credentials, OAuth tokens, and database connection strings
- Access to internal services, cloud storage, CRM systems, email queues, and monitoring tools
- High‑privilege workflows that can read/write production data or trigger deployments
Because of this, a compromised n8n node effectively hands an attacker an entry point into virtually every system that the platform touches. This is why recent advisories from vendors like CyCognito, Cyera, and CERT‑In refer to n8n as a “single point of failure” when misconfigured or left on older versions.
The problem intensified when multiple critical‑severity CVEs were disclosed within a short window, some earning CVSS scores of 9.9–10.0, indicating “immediate” and “high‑impact” risk for unpatched installations.
Core vulnerabilities behind the n8n RCE chain
Several CVEs are now associated with these n8n RCE risks; the key ones referenced by security blogs and advisories are:
- CVE‑2025‑68613 – Authenticated RCE via expression evaluation
- CVE‑2026‑21858 (“Ni8mare”) – Unauthenticated RCE via form/webhook confusion
- CVE‑2026‑21877 – Another authenticated workflow‑based RCE path
- CVE‑2026‑25049 – Expression‑escape‑driven authenticated RCE
These vulnerabilities are often chained together in exploit PoCs that turn n8n into a full‑fledged command‑and‑control interface.
1. CVE‑2025‑68613 – Authenticated RCE in expressions
This issue lives inside n8n’s expression‑evaluation engine. The platform lets users write JavaScript‑like expressions inside workflow nodes to dynamically transform data, validate triggers, and route payloads. Under the hood, those expressions are processed in a constrained environment, but a flaw in how they are evaluated lets an attacker inject code that bypasses sandboxing.
An authenticated user, someone with at least the ability to create or modify workflows, can embed a malicious expression into a node’s configuration. When the workflow runs, the expression runs with the privileges of the n8n process on the host OS, leading to:
- Remote command execution on the server
- Full read‑write access to files readable by the n8n service
- Extraction or rewriting of stored credentials and configuration
Because many organizations on self‑hosted n8n still use relatively permissive roles for internal developers or automation engineers, this authenticated RCE can be trivially triggered if a malicious actor gains account access, even at a “non‑admin” level.
2. CVE‑2026‑21858 – “Ni8mare”: Unauthenticated RCE via forms
Public exploit code hosted on GitHub under the name “Ni8mare” demonstrates how CVE‑2026‑21858 works. This is an unauthenticated RCE bug that affects certain configurations of n8n’s Webhook and Form Submission nodes:
- If a workflow includes a Form Submission trigger and a Form Ending node that returns binary/form data, an attacker can manipulate the HTTP Content‑Type header in the request.
- Because the server mishandles multipart/form‑data payloads, it can be forced to serve internal files instead of the intended response, effectively turning n8n into a file‑disclosure endpoint.
- Researchers showed that an attacker can read the internal config file and SQLite (or other) database, which often contains usernames, password hashes, or API keys.
- Using that data, they can forge admin‑level sessions and bypass authentication, then leverage CVE‑2025‑68613 (or similar expression bugs) to execute arbitrary commands through an “Execute Command”‑style node.
This combined chain (unauthenticated file read → config/database leak → authentication bypass → RCE) is what earned the vulnerability a CVSS 10.0 score and made it a priority item for patching.
3. CVE‑2026‑21877 and other workflow‑level RCEs
Another critical RCE CVE, CVE‑2026‑21877, exposes unsafe handling of workflow execution paths. When workflows are dynamically loaded or regenerated, certain inputs are not sufficiently sanitized before being processed, which lets an authenticated user craft payloads that cause n8n to execute unintended code or construct malicious workflow logic.
This class of flaws tends to appear in:
- Dynamic workflow‑loading features
- Webhook‑based workflow reloading
- Auto‑created “demo” or sample workflows
Prospective attackers can smuggle harmful payloads into these mechanisms and then trigger them through seemingly harmless URLs or form submissions, again ending in full server control once RCE is achieved.
Public exploits and why CISOs should care
Security research groups, offensive‑security consultants, and independent researchers have already published detailed analyses and public exploit code for these n8n RCE vulnerabilities. For example:
- A GitHub repository for CVE‑2026‑21858 (“Ni8mare”) documents the full chain: arbitrary file read, config/database exfiltration, JWT forgery for admin access, then command execution via existing or newly created workflows.
- Pentesting outfits like Horizon3.ai and Aikido have explained how the “Ni8mare” exploit is “lower risk for well‑configured instances” but still catastrophic for exposed forms or misused webhooks.
- Endor Labs and CyCognito have highlighted CVE‑2026‑25049 as an “expression‑escape‑to‑RCE” vector where authenticated users can break out of intended sandbox boundaries and run shell commands.
For CISOs and DevSecOps teams, the existence of a full‑chain public exploit matters in three ways:
- Credential concentration: n8n often stores hundreds of API credentials, database usernames/passwords, and cloud provider keys. Once RCE is achieved, an attacker can sweep this entire vault.
- Lateral movement: From an n8n server, attackers can pivot into databases, cloud management consoles, CI/CD systems, and IAM endpoints.
- Operational disruption: Attackers can delete or subtly modify workflows, causing business‑critical automations (payments, billing syncs, approvals, audits) to silently break or misbehave.
How attackers weaponize these n8n RCE flaws
Following recent disclosure patterns, realistic attack scenarios for these vulnerabilities include:
Scenario 1 – From exposed form to full domain compromise
An attacker scans the internet for self‑hosted n8n instances using search engines, Shodan-style tools, or DNS‑based hunts. Once a public‑facing n8n deployment with Forms or Webhooks is spotted, they:
- Send a specially crafted HTTP request with a manipulated Content‑Type header to trigger CVE‑2026‑21858.
- Read the internal config and local SQLite database, grabbing admin‑level user credentials and secrets.
- Forge a JWT session for the admin and log into the UI without brute‑forcing anything.
- Create or alter a workflow with an “Execute Command” node to run Linux/Windows shell commands, installing backdoors, reverse shells, or exfiltration scripts.
From that point on, the n8n server becomes a launch point for further lateral movement inside the corporate network, even behind a firewall.
Scenario 2 – Insider or compromised user escalation
Inside organizations that allow developers or analysts to create workflows, CVE‑2025‑68613 and CVE‑2026‑25049 are more attractive. A disgruntled or compromised user:
- Adds an innocent‑looking “enhancement” expression to a workflow that quietly calls exec() or an equivalent on the underlying OS.
- Waits for the next automated run (e.g., nightly sync, trigger‑based event) to execute the payload.
- Uses the node to dump credential files, download sensitive payloads, or install persistence tools like SSH keys and cron jobs.
This route can bypass network‑based detection if the admin doesn’t audit workflow expressions and credential‑vault access closely.
Scenario 3 – Supply‑chain‑style template injections
An emerging trend is malicious workflow templates shared in community galleries. Because n8n encourages reusing community‑provided workflows, a malicious user can upload a template that:
- Looks like a harmless integration for Slack, Google Sheets, or feedback forms
- Contains hidden expression‑based hooks that reach out to C2 servers or execute local commands when stored in the vault
Organizations that import such templates without review risk embedding post‑install RCE logic into their environments, even after basic vulnerability‑management patches are applied.
Which n8n versions are affected?
While exact version ranges are documented in official advisories, the general picture across 2026‑era disclosures is:
- CVE‑2025‑68613 affects several releases in the 1.x series before 1.120.4 and 1.121.1. Activated expressions on older versions remain exploitable if a user has permission to edit workflows.
- CVE‑2026‑21858 (Ni8mare) primarily targets self‑hosted n8n versions that expose Forms/Webhooks and do not enforce secure configurations in web‑facing routes. Patches were released shortly after disclosure, with fixes distributed via GitHub and Docker images.
- CVE‑2026‑25049 is described as an authenticated expression‑escape‑to‑RCE in the n8n expression‑evaluation system, again addressed in newer 1.x milestones.
Because n8n pushes updates quickly through Docker tags, npm, and self‑hosted bundles, the main risk today lies with:
- EC2/AWS instances, Kubernetes pods, or internal VMs that are not on auto‑upgrade or are manually pinned to older versions
- Legacy on‑prem deployments where security patching is scheduled infrequently
- Organizations relying on community‑maintained forks or custom binaries that do not backport vendor‑issued CVE patches
Concrete mitigation and hardening steps
Given the severity and public nature of these n8n RCE exploits, defenders need to treat older or inadequately secured n8n deployments as “high‑risk zones.” Recommended actions include:
1. Patch to the latest stable release
Update to the most recent n8n version that includes fixes across the reported CVEs. If you run self‑hosted instances via:
- Docker: pull the latest official tag that corresponds to the patched releases (e.g., n8nio/n8n:latest or a pinned tag from the security advisory).
- npm‑based installs: reinstall or upgrade n8n, and review any overridden core‑dependency versions.
- Cloud providers bundling n8n (e.g., hosted‑runner services): confirm with the provider that the underlying instances were upgraded and refreshed.
2. Harden web‑facing n8n instances
Minimize exposure for any n8n that listens on external IPs:
- Place the app behind a reverse proxy (nginx, Caddy, etc.) and terminate TLS at the proxy layer.
- Disable or remove Forms and Webhooks endpoints that are not actually needed by the business.
- Add IP‑reputation or rate‑limiting rules at the gateway or WAF level for /webhook, /form, and similar routes.
- If Forms must remain, restrict them to authenticated sessions or VPN‑only users.
3. Restrict roles and expression permissions
Adopt least‑privilege policies:
- Do not allow arbitrary workflow‑creation privileges to “standard” or “non‑technical” users.
- Separate development, test, and production n8n environments so workflows are promoted through controlled channels.
- Monitor and log all expression modifications; several vendors now add expression‑audit features that flag suspicious patterns.
4. Audit credentials and secrets regularly
Given that n8n is a “secrets aggregator,” integrate it into your secrets‑management hygiene:
- Rotate, and periodically re‑rotate, any API keys, tokens, and database passwords stored inside n8n, especially after a suspected‑exposure window.
- Use external secret managers (e.g., Hashicorp Vault, AWS Secrets Manager, Azure Key Vault) instead of storing raw keys inside n8n nodes.
- Integrate real‑time secret‑rotation workflows that refresh credentials automatically and invalidate old tokens.
5. Monitor for anomalous behavior
Security‑minded deployments should layer monitoring:
- Log execution of “Execute Command”, “HTTP Request with script”, and similar high‑risk nodes.
- Alert on sudden spikes in script‑node executions, unexplained process‑spawn events, or outbound connections to unknown IPs/port ranges.
- Use EDR/XDR signals to detect when the n8n process or its underlying host spawns shells or unusual binaries.
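A static review of exported workflow JSON covers the audit points in sections 3 and 5: it flags high‑risk node types and expressions that try to reach the OS before the workflow ever runs. This is an added example, not n8n’s own tooling; the node type identifiers, the “=” / {{ }} expression convention, and the sample export are assumptions to verify against your installed version.

```python
import json
import re

# Node types that run shell commands or arbitrary JavaScript. The identifiers follow n8n's
# "n8n-nodes-base.*" naming; treat the set as an assumption and extend it for your version.
HIGH_RISK_NODE_TYPES = {"n8n-nodes-base.executeCommand", "n8n-nodes-base.code",
                        "n8n-nodes-base.function", "n8n-nodes-base.functionItem"}
# Fragments that have no place in a data-transformation expression: process spawning,
# module loading, or constructor tricks aimed at escaping the expression sandbox.
SUSPICIOUS_EXPR = re.compile(
    r"child_process|process\.mainModule|\.constructor\s*\(|require\s*\("
    r"|exec(Sync)?\s*\(|spawn(Sync)?\s*\(|\bFunction\s*\(")

def _walk_strings(value, path=""):
    """Yield (json_path, string) for every string nested inside a parameters object."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, child in value.items():
            yield from _walk_strings(child, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for idx, child in enumerate(value):
            yield from _walk_strings(child, f"{path}[{idx}]")

def audit_workflow(workflow):
    """Return a list of (node name, reason) findings for one exported workflow dict."""
    findings = []
    for node in workflow.get("nodes", []):
        name, ntype = node.get("name", "?"), node.get("type", "")
        if ntype in HIGH_RISK_NODE_TYPES:
            findings.append((name, f"high-risk node type {ntype}"))
        for path, text in _walk_strings(node.get("parameters", {})):
            # n8n stores expressions as strings prefixed with '=' and wrapped in {{ }}.
            if text.startswith("=") and "{{" in text and SUSPICIOUS_EXPR.search(text):
                findings.append((name, f"suspicious expression in parameters.{path}"))
    return findings

# Constructed sample export (not a real workflow): a benign Set node, a Set node whose
# "enhancement" expression shells out, and an Execute Command node running a legitimate rsync.
SAMPLE_WORKFLOW = json.loads("""{"name": "Slack digest", "connections": {}, "nodes": [
  {"name": "Set fields", "type": "n8n-nodes-base.set", "parameters": {"values": {"string":
    [{"name": "title", "value": "={{ $json.title.trim() }}"}]}}},
  {"name": "Enhance message", "type": "n8n-nodes-base.set", "parameters": {"values": {"string":
    [{"name": "msg", "value": "={{ $json.msg + require('child_process').execSync('id') }}"}]}}},
  {"name": "Run sync", "type": "n8n-nodes-base.executeCommand",
    "parameters": {"command": "rsync -a /data/ /backup/"}}]}""")

if __name__ == "__main__":
    for node_name, reason in audit_workflow(SAMPLE_WORKFLOW):
        print(f"[!] {node_name}: {reason}")
```

Run it over every workflow export (or the rows of the workflow_entity table) on a schedule and diff the findings against the previous run, so a newly added Execute Command node or OS‑reaching expression surfaces as a change rather than hiding among existing ones.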
Why this matters in 2026 (and beyond)
The recent spate of n8n‑related RCE disclosures is a microcosm of a broader trend: business‑critical automation tooling that was once considered “developer plumbing” is now prime attack surface. As companies centralize workflows for CRMs, billing, HR, and customer feedback in platforms like n8n, a compromise there can ripple across the entire stack.
The availability of public exploits, PoC chains, and simplified scripts lowers the barrier for both technically sophisticated attackers and less‑experienced threat actors who can simply copy‑paste and run these chains. This dynamic forces organizations to treat low‑code automation platforms not as auxiliary tools, but as first‑class members of the critical infrastructure portfolio, with:
- Regular patch cadence
- Strict access‑control policies
- Continuous credential‑rotation and monitoring
For DevOps teams, Salesforce‑centric automation builders, and API‑mashing developers who rely on n8n, understanding these RCE vectors is no longer optional: it is an operational necessity in 2026. Explicitly addressing these vulnerabilities through upgrades, architecture hardening, and workflow‑level guardrails can prevent one forgotten webhook or form from becoming the entrance point for a much broader compromise.