Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202601-00000014
n8n is an open-source workflow automation tool that connects multiple applications through a visual drag-and-drop interface, automating repetitive tasks without writing code. n8n has recently published advisories for several critical security vulnerabilities.
[CVE-2025-68613, CVSS: 9.9] This is a remote code execution vulnerability that, under specific conditions, allows an authenticated attacker to execute arbitrary code with the permissions of the n8n process.
[CVE-2025-68668, CVSS: 9.9] Due to a sandbox bypass vulnerability in the Python code node using Pyodide in n8n, an authenticated attacker with permissions to create or modify workflows can execute arbitrary commands on the n8n server with the same permissions as the n8n process.
[CVE-2026-21877, CVSS: 10.0] This vulnerability allows an authenticated attacker to abuse n8n services to execute malicious code, leading to a complete compromise of the system.
[CVE-2026-21858, CVSS: 10.0] This vulnerability allows an unauthenticated attacker to access files on the underlying server through the execution of certain form-based workflows, resulting in the leakage of sensitive data stored in the system.