Cybersecurity Threat Advisory: Critical n8n vulnerability

A severe vulnerability, tracked as CVE-2025-68668 with a CVSS score of 9.9, was recently disclosed in n8n, an open-source workflow automation platform. The flaw lets an authenticated user who holds create or modify workflow permissions execute arbitrary system commands on the underlying host. Review this Cybersecurity Threat Advisory now to mitigate potential risk.

What is the threat?

The flaw affects all n8n versions prior to 2.0.0 and follows another critical issue, CVE-2025-68613, which also scored 9.9 on the CVSS scale. It stems from a sandbox bypass in the Python Code Node, which runs user-supplied Python inside Pyodide. An authenticated user with workflow creation or modification rights can use the bypass to run arbitrary operating system commands on the host with the privileges of the n8n process. Because exploitation requires legitimate internal permissions rather than remote unauthenticated access, deployments that grant workflow-editing rights broadly, or to users who are not fully trusted, are especially exposed.

Why is it noteworthy?

n8n is widely adopted, with roughly 57,000 weekly downloads. A vulnerability enabling command execution, even one that requires authenticated access, poses significant risk to self-hosted environments, particularly CI/CD pipelines that rely on n8n for automation. The back-to-back disclosure of two critical vulnerabilities in the same component highlights the need for timely patching, hardened configurations, strict access controls, and vigilant monitoring.

What is the exposure or risk?

The risk primarily affects on-premises and self-hosted deployments running versions 1.0.0 through 1.99.x in which authenticated users can create or modify workflows. Successful exploitation could allow an attacker to install backdoors, exfiltrate data, or move laterally to systems the n8n host can reach. Environments with broad user permissions, weak network segmentation, or an n8n process running with elevated host privileges face the greatest exposure.

What are the recommendations?

Barracuda recommends the following actions to secure your n8n deployments against this vulnerability:

  • Update to n8n version 2.0.0 or later, which addresses the flaw.
  • If updating is not immediately possible, apply one or more of these workarounds:
    • Disable the Code Node entirely by excluding its node type (the value is a JSON array of node type names): NODES_EXCLUDE: "[\"n8n-nodes-base.code\"]"
    • Disable Python support in the Code Node while leaving JavaScript available: N8N_PYTHON_ENABLED=false
    • Run Python code in the task runner-based sandbox instead of the in-process Pyodide sandbox: N8N_RUNNERS_ENABLED=true and N8N_NATIVE_PYTHON_RUNNER=true
  • Apply the principle of least privilege: grant create and modify workflow permissions only to users who need them, and do not run the n8n process with elevated host privileges.
  • Audit user and host permissions quarterly to maintain security hygiene.
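To make the recommendations above checkable, here is a small audit helper. It is an added example written for this advisory, not n8n code and not a Barracuda tool. It takes the n8n version string and the deployment's environment settings (the KEY=VALUE lines of a .env file, or the KEY: value and - KEY=VALUE forms used in a docker-compose environment block) and reports whether the instance is on an affected release and which of the three listed workarounds are actually in place. The two sample environments at the bottom are constructed for demonstration and are not from a real deployment.

```python
"""Audit helper for the CVE-2025-68668 mitigations listed in this advisory.

Added example, not n8n or Barracuda code. It reads environment lines as found
in a .env file or a docker-compose environment block and checks them against
the version fix and the three workarounds named above.
"""
import json
import re
from typing import Dict, List

FIXED_VERSION = (2, 0, 0)            # first release that addresses the flaw
CODE_NODE = "n8n-nodes-base.code"    # node type name n8n uses for the Code Node

# Accepts ".env" style (KEY=VALUE), compose map style (KEY: value)
# and compose list style (- KEY=VALUE) lines.
_ENV_LINE = re.compile(r"^-?\s*([A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*(.*)$")


def parse_version(version: str) -> tuple:
    """Reduce '1.99.1', 'v2.0.0' or '2.1.0-beta' to a comparable (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable_version(version: str) -> bool:
    """Every release before 2.0.0 (1.0.0 through 1.99.x) is affected."""
    return parse_version(version) < FIXED_VERSION


def parse_env(text: str) -> Dict[str, str]:
    """Parse environment lines, dropping comments and surrounding quotes.

    A double-quoted value whose inner quotes are backslash-escaped (the
    NODES_EXCLUDE form shown in the advisory) is unescaped so the result is
    the JSON array n8n itself will see.
    """
    env: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _ENV_LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            quote, value = value[0], value[1:-1]
            if quote == '"':
                value = value.replace('\\"', '"')
        env[key] = value
    return env


def excluded_nodes(env: Dict[str, str]) -> List[str]:
    """Node type names listed in NODES_EXCLUDE, or [] when absent or malformed."""
    raw = env.get("NODES_EXCLUDE", "").strip()
    if not raw:
        return []
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        return []    # a malformed value excludes nothing, so report no exclusion
    if not isinstance(parsed, list):
        return []
    return [name for name in parsed if isinstance(name, str)]


def _is_true(value: str) -> bool:
    return value.strip().lower() in {"1", "true", "yes"}


def assess(version: str, env_text: str) -> dict:
    """Combine the version check with the three workarounds from the recommendations."""
    env = parse_env(env_text)
    mitigations: List[str] = []
    if CODE_NODE in excluded_nodes(env):
        mitigations.append("Code Node disabled via NODES_EXCLUDE")
    if env.get("N8N_PYTHON_ENABLED", "").strip().lower() == "false":
        mitigations.append("Python disabled via N8N_PYTHON_ENABLED=false")
    if _is_true(env.get("N8N_RUNNERS_ENABLED", "")) and _is_true(env.get("N8N_NATIVE_PYTHON_RUNNER", "")):
        mitigations.append("Python runs in the task-runner sandbox")
    vulnerable = is_vulnerable_version(version)
    return {
        "version": version,
        "vulnerable_version": vulnerable,
        "mitigations": mitigations,
        # exposed: on an affected release with none of the workarounds applied
        "exposed": vulnerable and not mitigations,
    }


# Constructed sample environments for demonstration only (not from a real deployment).
UNMITIGATED_ENV = r"""
# self-hosted n8n with default Code Node settings
N8N_HOST=n8n.example.internal
N8N_PORT=5678
"""

HARDENED_ENV = r"""
N8N_HOST=n8n.example.internal
NODES_EXCLUDE="[\"n8n-nodes-base.code\"]"
N8N_PYTHON_ENABLED=false
N8N_RUNNERS_ENABLED=true
N8N_NATIVE_PYTHON_RUNNER=true
"""

if __name__ == "__main__":
    for label, env_text in (("unmitigated", UNMITIGATED_ENV), ("hardened", HARDENED_ENV)):
        print(label, assess("1.99.1", env_text))
    print("patched", assess("2.0.0", UNMITIGATED_ENV))
```

Point the script at the version reported by your instance and the environment file or compose block it starts from; an "exposed" result means the release is affected and none of the listed workarounds is in effect. The NODES_EXCLUDE unescaping matters in practice: the value has to reach n8n as a valid JSON array, and a quoting mistake in the compose file silently excludes nothing, which the helper reports as no mitigation rather than as a pass.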

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.