A newly disclosed critical vulnerability,  tracked as CVE-2026-25049, in the workflow automation platform n8n, allows authenticated users to execute arbitrary system commands on the underlying server by exploiting weaknesses in the platform’s expression evaluation mechanism. With a CVSS score of 9.4, the issue is classified as critical and poses a high risk to affected systems. 

The CVE-2026-25049 vulnerability is the result of insufficient input sanitization in n8n’s expression handling logic. Researchers found that the flaw effectively bypasses security controls introduced to mitigate CVE-2025-68613, an earlier critical vulnerability with a CVSS score of 9.9 that was patched in December 2...