Severity: Critical | Published: 2026-03-11 | CVSS 9.9 | CVE-2025-68613 (2026-03-11)
Tags: n8n, rce, expression-injection, workflow

n8n Remote Code Execution via Expression Injection

A critical vulnerability in n8n's workflow expression evaluation allows authenticated users to escape the sandbox and achieve remote code execution on the host server. Actively exploited in the wild.

Context

n8n is a popular open-source workflow automation platform. CVE-2025-68613 (GHSA-v98v-ff95-f3cp) affects the core expression evaluation engine in versions 0.211.0 through 1.122.0. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.

Vulnerability

The flaw resides in n8n's expression evaluation sandbox, which insufficiently isolates user-supplied expressions from the underlying Node.js runtime. A specially crafted workflow expression can escape the sandbox and obtain a reference to the Node.js global object (this).

From there, the attacker can reach process.mainModule and spawn arbitrary OS commands:

// Malicious expression escaping the sandbox
{{ Function('return this')().process.mainModule.require('child_process').execSync('id').toString() }}

This grants full RCE with the privileges of the n8n process.

Attack Requirements

  • Authentication required — but no elevated privileges beyond workflow creation or editing
  • Low attack complexity
  • Network-accessible

Impact

  • Full instance takeover
  • Data exfiltration (credentials, workflow secrets, connected service tokens)
  • Lateral movement to connected systems via existing workflow integrations
  • ~24,700 instances remain publicly exposed according to CISA
  • CISA remediation deadline: March 25, 2026

Affected Versions

Vulnerable: 0.211.0 to 1.120.3, and 1.121.0

Fixed: 1.120.4, 1.121.1, 1.122.0+

Indicators of Compromise (IOCs)

Web request patterns — inspect HTTP request bodies sent to the n8n application for expressions containing:

  • Function('return this')()
  • process.mainModule.require
  • child_process
  • execSync, exec, spawn

Post-exploitation behavior:

  • Reverse shell connections originating from the n8n process
  • Unexpected child processes spawned by the n8n Node.js process (e.g., /bin/sh, curl, wget)
  • File writes outside normal n8n data directories
  • Reconnaissance commands (whoami, id, uname, env, cat /etc/passwd)

Detection: correlate web access logs with process creation events on the n8n host. A spike in exploitation was observed around late December 2025.

Remediation

  1. Upgrade immediately to n8n 1.120.4, 1.121.1, or 1.122.0+, which harden expression evaluation and prevent sandbox escapes.
  2. Audit workflow history for suspicious expressions accessing process, require, or child_process.
  3. Restrict workflow creation/editing permissions to trusted users.
  4. Do not expose n8n instances directly to the internet — use a reverse proxy with authentication.
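To make the request-body inspection in the IOC section and the workflow audit in step 2 concrete, here is an added Python scanner (not n8n's code and not part of the bulletin) that applies the listed indicator strings to a captured request body or to every string parameter of an exported workflow. The workflow JSON shape (nodes with a parameters object) and the sample export are assumptions constructed for the example.

```python
import json
import re

# Indicator patterns taken from the IOC list above, named for reporting.
INDICATORS = {
    "sandbox_escape": re.compile(r"Function\s*\(\s*['\"]return this['\"]\s*\)\s*\(\s*\)"),
    "mainmodule_require": re.compile(r"process\.mainModule\.require"),
    "child_process": re.compile(r"child_process"),
    "command_exec": re.compile(r"\b(?:execSync|exec|spawn)\s*\("),
}

def scan_expression(text: str) -> list[str]:
    """Return the names of every indicator present in one expression or request body."""
    return [name for name, rx in INDICATORS.items() if rx.search(text)]

def _walk(value, path):
    """Yield (json_path, string) for every string nested under a node's parameters."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for k, v in value.items():
            yield from _walk(v, f"{path}.{k}")
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from _walk(v, f"{path}[{i}]")

def scan_workflow(workflow: dict) -> list[dict]:
    """Audit every string parameter of every node; one finding per parameter with hits."""
    findings = []
    for node in workflow.get("nodes", []):
        for path, text in _walk(node.get("parameters", {}), "parameters"):
            hits = scan_expression(text)
            if hits:
                findings.append({"node": node.get("name"), "path": path, "indicators": hits})
    return findings

# Constructed sample export (assumed shape): a benign expression and one using the payload above.
SAMPLE_WORKFLOW = json.loads("""{
  "name": "invoice-sync", "nodes": [
    {"name": "Set", "type": "n8n-nodes-base.set",
     "parameters": {"values": {"string": [{"name": "who", "value": "={{ $json.name }}"}]}}},
    {"name": "Code", "type": "n8n-nodes-base.code",
     "parameters": {"jsCode": "={{ Function('return this')().process.mainModule.require('child_process').execSync('id').toString() }}"}}
  ]}""")

if __name__ == "__main__":
    for f in scan_workflow(SAMPLE_WORKFLOW):
        print(f"{f['node']}: {f['path']} -> {', '.join(f['indicators'])}")
```

Feed exported workflow JSON (or the body of each request hitting the n8n API) to the two functions; any hit on the Code node above is reported with its node name and parameter path for follow-up in the process-creation logs.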