CVE-2026-25049

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-25049

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25049.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-25049

Aliases

GHSA-6cqr-8cfr-67f8

Published

2026-02-04T16:46:31.124Z

Modified

2026-02-06T22:20:46.949407Z

Severity

9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator

Summary

n8n Has an Expression Escape Vulnerability Leading to RCE

Details

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.

Database specific

{
    "cwe_ids": [
        "CWE-913"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25049.json"
}

References

Affected packages

Git / github.com/n8n-io/n8n

Affected ranges

Type: GIT
Repo: https://github.com/n8n-io/n8n
Events: Introduced

a8ecda44f7627630bc8b78cf671405157ad41c4f

Fixed

0a043c77779c83d2917403b62832a919f5991800

Affected versions

n8n@1.*

n8n@1.123.0

n8n@2.*

n8n@2.0.0

n8n@2.1.0

n8n@2.2.0

n8n@2.3.0

n8n@2.4.0

n8n@2.5.0

n8n@2.5.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25049.json"