Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in n8n Platform

6 February 2026

n8n has released security update addressing a critical vulnerability in n8n open-source workflow automation platform. Users and administrators of affected products are advised to update to the latest version immediately.

Background

n8n has released security update addressing a critical vulnerability (CVE-2026-25049) in n8n open-source workflow automation platform. 

Impact

Successful exploitation of this vulnerability could allow an attacker to perform full remote code execution within affected n8n environments potentially leading to unauthorised access, data compromise, or disruption of workflows and connected systems.

Affected Products

The vulnerability affects n8n versions prior to 1.123.17 and 2.5.2. 

Recommendations

Users and administrators of affected products are advised to update to the latest version immediately.

If immediate patching is not feasible, administrators should consider the following temporary mitigations:

  • Limit workflow creation and editing permissions to fully trusted users only.

  • Deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of a potential exploitation.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

References

https://www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/

https://feedly.com/cve/CVE-2026-25049

https://nvd.nist.gov/vuln/detail/CVE-2026-25049

Back to top