A significant security flaw within the n8n AI workflow automation platform has been identified, potentially allowing unauthorized command execution on servers. According to Pillar Security, this vulnerability, classified as CVE-2026-25049 and rated with a CVSS score of 9.4, affects how JavaScript expressions are evaluated in the n8n sandbox’s sanitization routine.
Details of the Vulnerability
The vulnerability arises from the n8n sandbox’s insufficient sanitization of JavaScript expressions. Pillar Security discovered that by using properties with template literals, arrow functions, and specific stack frame objects, the sandbox’s security measures could be circumvented, granting unauthorized command execution capabilities on the server.
This breach led to full server compromise, granting attackers access to sensitive information such as environment variables, stored credentials, API keys, OAuth tokens, and configuration files. With these compromised secrets, attackers could infiltrate connected cloud accounts, redirect AI pipelines, and access internal services on n8n cloud instances.
Attack Methodology
Pillar Security detailed that an attack could be initiated by crafting or altering a workflow with parameters containing specific expressions. Interestingly, the attack requires no special permissions or administrative access, merely a user capable of editing workflows.
After reporting the vulnerability to n8n on December 21, a fix was implemented two days later to block template literals. However, Pillar Security quickly identified that the patch could be bypassed using unsanitized function arguments, revealing the underlying issue of incomplete Abstract Syntax Tree (AST) analysis.
Resolution and Recommendations
Both the original vulnerability and the bypass were addressed in n8n version 2.4.0. Users are strongly advised to update their systems immediately to mitigate any associated risks.
The incident underscores the importance of robust security practices and thorough code analysis in preventing similar vulnerabilities. As the cybersecurity landscape evolves, staying informed and proactive in updating systems is crucial for maintaining security.
For further information on related security updates, refer to recent patches for Cisco, F5, Chrome, Firefox, and jsPDF, which address high-severity vulnerabilities.
