Secure Cyber Vulnerability Management

06/01/2026
Qualys-Threat-Protect

N8n Critical Arbitrary Command Execution Vulnerability (CVE-2025-68668)

by Deepanshu Jha

A new vulnerability has been discovered in n8n, an open-source workflow automation tool. Tracked as CVE-2025-68668, the vulnerability has a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process. For successful exploitation of the vulnerability, an attacker must be authenticated and have permission to create or modify workflows.

n8n is a powerful, open-source workflow automation tool that enables users to visually design and automate complex processes by connecting various apps, APIs, and services. It functions as a digital hub, transferring data and triggering actions between tools without manual intervention, while offering deep customization through code (JavaScript/Python).

Affected versions

The vulnerability affects N8n versions from 1.0.0 to before 2.0.0.

In n8n version 1.111.0, a task-runner-based native Python implementation was introduced as an optional feature, providing a more secure isolation model.  

Users can enable the feature by configuring the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.

This implementation became the default starting with n8n version 2.0.0.

Mitigation

Users must upgrade to N8n version 2.0.0 to patch the vulnerability.

For more information, please refer to the GitHub Security Advisory.

Workarounds

  • Disable the Code Node by setting the environment variable NODES_EXCLUDE: "["n8n-nodes-base.code"]"
  • Disable Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false, which was introduced in n8n version 1.104.0.
  • Configure n8n to use the task runner-based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables.

Qualys Detection

Qualys customers can scan their devices with QID 733562 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v

Comments are closed.

You may also like