n8n is vulnerable to Remote Code Execution via Expression Injection
99
Critical Risk
Affected versions of n8n are vulnerable to remote code execution due to expression injection in the workflow expression evaluation system. Expressions provided by authenticated users during workflow configuration may be evaluated in an insufficiently isolated execution context, allowing an attacker to execute arbitrary code with the privileges of the n8n process. A successful attack could fully compromise the instance, access sensitive data, modify workflows, or perform system-level operations.

This issue is fixed in n8n v1.122.0, and users should upgrade immediately. Temporary mitigations include restricting workflow creation and editing to fully trusted users and running n8n in a hardened environment; note that these measures do not fully eliminate the risk.
You are affected if you are using a version that falls within the vulnerable range.
n8n is vulnerable to Remote Code Execution via Expression Injection in versions 0.211.0 - 1.120.3 and 1.121.0 - 1.121.0.
Upgrade n8n to the patched version (v1.122.0 or later).
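To make the version ranges above actionable, here is a small check that reports whether an n8n version string falls inside the affected ranges this advisory lists. It is an added example written for this page, not code from n8n or the advisory publisher; the range constants are taken from the advisory text, and the `isAffected`/`assessVersion` function names and the sample `package.json`-style input are assumptions constructed for illustration.

```javascript
// Affected ranges as stated in the advisory (inclusive bounds).
const AFFECTED_RANGES = [
  ["0.211.0", "1.120.3"],
  ["1.121.0", "1.121.0"],
];
// First fixed release named in the advisory.
const FIXED_VERSION = "1.122.0";

// Parse "major.minor.patch" from a version string, tolerating a leading "v"
// and ignoring any pre-release or build suffix (e.g. "1.121.0-rc.1" -> 1.121.0).
// Treating a pre-release of an affected version as affected is deliberately
// conservative: it errs toward flagging, not toward silence.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison, component by component: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when the version lies inside any affected range (inclusive).
function isAffected(version) {
  return AFFECTED_RANGES.some(
    ([lo, hi]) => compareVersions(version, lo) >= 0 && compareVersions(version, hi) <= 0
  );
}

// Produce a short assessment for a given installed version.
function assessVersion(version) {
  const affected = isAffected(version);
  const belowFix = compareVersions(version, FIXED_VERSION) < 0;
  return {
    version,
    affected,
    recommendation: affected
      ? `upgrade to n8n ${FIXED_VERSION} or later; until then restrict workflow editing to trusted users`
      : belowFix
        ? "outside the stated affected ranges, but older than the fixed release; upgrading is still advisable"
        : "not affected by this advisory",
  };
}

// Convenience: read the pinned n8n version from a package.json-style object
// (hypothetical helper; dependency pinning conventions vary between projects).
function assessPackageJson(pkg) {
  const deps = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const spec = deps.n8n;
  if (!spec) return null;
  // Strip a leading range operator such as "^" or "~" before parsing.
  return assessVersion(spec.replace(/^[\^~>=<\s]+/, ""));
}

// Constructed sample input, not a real project's manifest.
const samplePackageJson = { dependencies: { n8n: "^1.121.0" } };
console.log(assessPackageJson(samplePackageJson));
```

Run it with `node` to see the assessment for the constructed manifest; point `assessPackageJson` at your own parsed `package.json` to check a real deployment. The check only covers the version ranges this advisory states and says nothing about other issues.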