Friday, March 13, 2026

Critical vulnerability discovered in n8n automation platform raises global cybersecurity concerns

A serious cybersecurity issue has come to light after a major vulnerability was discovered in the automation platform n8n. A U.S. cybersecurity agency has issued a warning about the flaw and added it to its list of vulnerabilities that are currently being actively exploited by cybercriminals.

Security experts say the vulnerability is highly critical because it could allow attackers to run malicious code remotely on affected systems. This could potentially give cyber attackers full control over compromised environments. The flaw has been tracked as CVE-2025-68613 and is categorized under the highest severity level.

According to available information, the issue is linked to the workflow expression system used by n8n. This component is responsible for automating multiple processes within the platform. Due to the weakness in this system, attackers who gain access could exploit the flaw using an expression injection technique to trigger remote code execution.

Experts warn that successful exploitation may allow attackers to access sensitive data stored on affected servers. They could also modify workflows, execute system-level commands and in certain situations gain full control of the server environment.

The vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalogue maintained by the Cybersecurity and Infrastructure Security Agency (CISA). This database lists security flaws that are confirmed to be actively used in real-world cyberattacks. Notably, this is the first vulnerability affecting n8n to be included in the KEV database.

Developers of the n8n platform had already addressed the issue in an update released in December 2025. Patched versions of the software were rolled out, and users were advised to update their systems immediately. However, many servers are still running outdated versions of the platform.

Cybersecurity monitoring groups estimate that more than 24,700 n8n instances remain exposed online without proper security patches. A large number of these systems are located in North America and Europe. Around 12,300 systems are reported in North America, while approximately 7,800 are located across Europe.

Experts say the large number of unpatched servers creates a major opportunity for cybercriminals. If exploited on a wide scale, attackers could potentially gain access to networks belonging to numerous organizations and businesses.

Researchers have also identified two additional critical vulnerabilities affecting the n8n platform. One of them is tracked as CVE-2026-27577, which is described as another serious flaw linked to the workflow expression evaluation system. According to experts, this vulnerability could also enable remote code execution attacks.

Security analysts note that workflow automation platforms are now an essential part of the digital infrastructure used by many organizations. Any weakness in such systems can directly impact business operations, sensitive information and internal workflows.

A cybersecurity researcher said organizations should regularly update their software and carefully monitor servers connected to the internet. Failure to install security updates on time can allow even small vulnerabilities to turn into major cyber incidents.

Renowned cyber crime expert and former IPS officer Triveni Singh said,

“Cybercriminals increasingly scan the internet for vulnerable software and poorly configured servers.” According to him, once a critical vulnerability becomes public, hackers often deploy automated tools to locate exposed systems across the internet and exploit them quickly.

Experts have advised organizations and IT administrators to immediately install the latest versions of n8n and carry out detailed security audits of their systems. They have also recommended limiting unnecessary internet exposure and strengthening network security controls to reduce the risk of cyberattacks.
