10.0
n8n Allows Malicious Code Execution via Workflow Expression
Known exploited
Exploitation likelihood: 77%
GHSA-v98v-ff95-f3cp
CVE-2025-68613
Summary
An attacker can inject malicious code into an n8n workflow, potentially allowing them to execute arbitrary system commands. This could lead to data theft, unauthorized access, or system compromise. To protect your organization, ensure you're running the latest version of n8n and consider implementing additional security measures, such as input validation and sanitization.
What to do
- Update n8n to version 1.120.4.
- Update n8n to version 1.121.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | n8n | > 0.211.0, <= 1.120.4 | 1.120.4 |
| – | n8n | > 1.121.0, <= 1.121.1 | 1.121.1 |
| n8n | n8n | > 0.211.0, <= 1.120.4 | – |
| n8n | n8n | > 1.121.0, <= 1.121.1 | – |
| n8n | n8n | All versions | – |
| n8n | n8n | 1.121.0 | – |
Original title
n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
Original description
n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.
GHSA CVSS 3.1
10.0
Vulnerability type
CWE-913
References
- https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp
- https://nvd.nist.gov/vuln/detail/CVE-2025-68613
- https://github.com/n8n-io/n8n/commit/08f332015153decdda3c37ad4fcb9f7ba13a7c79
- https://github.com/n8n-io/n8n/commit/1c933358acef527ff61466e53268b41a04be1000
- https://github.com/n8n-io/n8n/commit/39a2d1d60edde89674ca96dcbb3eb076ffff6316
- https://github.com/advisories/GHSA-v98v-ff95-f3cp
- https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n...
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026