n8n patches critical expression sandbox escape enabling RCE
TL;DR — A critical sandbox escape in n8n's expression evaluator lets authenticated workflow editors execute arbitrary system commands on the host machine.
What happened
n8n is an open-source workflow automation platform that lets teams connect APIs and build automations; it is often self-hosted as an alternative to Zapier. A critical vulnerability in n8n allows authenticated users who can create or modify workflows to escape the expression-evaluation sandbox and execute system commands on the host. It is described as additional exploits following a prior sandbox escape (CVE-2025-68613), and it is assigned a CVSS v4.0 base score of 9.4 (Critical).
Sandbox escapes in workflow/automation platforms are a recurring theme — n8n, Prefect, and Budibase have all seen similar issues in the past year, highlighting the difficulty of safely evaluating user-provided expressions.
Who is impacted
- Self-hosted n8n deployments where users can create or modify workflows.
- Affected version ranges:
| Branch | Affected | Fixed |
|---|---|---|
| 1.x | < 1.123.22 | 1.123.22 |
| 2.x stable | >= 2.0.0, < 2.9.3 | 2.9.3 |
| 2.x beta | >= 2.10.0, < 2.10.1 | 2.10.1 |
What to do now
- Follow vendor remediation guidance and apply the latest patched release available at the time of writing.
- If you cannot patch immediately:
  - Limit workflow creation/editing permissions to fully trusted users only.
  - Run n8n in a hardened environment with restricted OS privileges and network access.
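The following POSIX shell snippet is an added example, not code from n8n or from this advisory. It does two things a defender would want while working through the steps above: it classifies an n8n version string (for example the output of `n8n --version` or the image tag you deploy) against the fixed releases in the table, and it assembles a set of Docker flags that run the official `n8nio/n8n` image as a non-root user with a read-only root filesystem, all capabilities dropped, no privilege escalation, and the web port bound to loopback only. The image name, port 5678, the data path `/home/node/.n8n` and the uid 1000 reflect the official image's defaults as I understand them; the network name `n8n-net`, the `n8n_data` volume and the resource limits are assumptions to adjust for your environment, and versions above the ranges in the table are assumed to be past the fix.

```shell
#!/bin/sh
# Added example (not from n8n or the advisory). Fixed releases taken from the
# advisory table: 1.x -> 1.123.22, 2.x stable -> 2.9.3, 2.x beta -> 2.10.1.

# ge_minor_patch MINOR PATCH FIXED_MINOR FIXED_PATCH: 0 if (MINOR,PATCH) >= fixed.
ge_minor_patch() {
  [ "$1" -gt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ]; }
}

# n8n_version_is_fixed VERSION
# exit 0 = at or above the fixed release, 1 = affected, 2 = not a covered version.
n8n_version_is_fixed() {
  v=${1#v}              # tolerate a leading "v" as in image tags
  v=${v%%-*}            # drop a pre-release suffix such as "-beta.1"
  oldifs=$IFS; IFS=.; set -- $v; IFS=$oldifs
  [ $# -eq 3 ] || return 2
  for f in "$1" "$2" "$3"; do
    case $f in ''|*[!0-9]*) return 2 ;; esac
  done
  major=$1; minor=$2; patch=$3
  case $major in
    0) return 2 ;;                                  # 0.x is not in the table
    1) ge_minor_patch "$minor" "$patch" 123 22 ;;
    2) if [ "$minor" -lt 10 ]; then                 # 2.x stable line
         ge_minor_patch "$minor" "$patch" 9 3
       else                                         # 2.10.x beta line and later
         ge_minor_patch "$minor" "$patch" 10 1
       fi ;;
    *) return 0 ;;   # assumption: majors beyond 2 ship after the fixed releases
  esac
}

# Docker flags for a restricted n8n container, one per line so a caller can
# collect them with "$(n8n_hardened_docker_args)". Assumes a user-defined
# network created with: docker network create n8n-net
n8n_hardened_docker_args() {
  printf '%s\n' \
    --user 1000:1000 \
    --read-only \
    --tmpfs /tmp \
    --cap-drop ALL \
    --security-opt no-new-privileges:true \
    --pids-limit 256 \
    --memory 2g \
    --network n8n-net \
    --publish 127.0.0.1:5678:5678 \
    --volume n8n_data:/home/node/.n8n
}

# Convenience wrapper; only runs when invoked explicitly.
n8n_hardened_run() {
  # shellcheck disable=SC2046
  docker run -d --name n8n $(n8n_hardened_docker_args) docker.n8n.io/n8nio/n8n:"${1:-latest}"
}

# Usage: n8n_version_is_fixed "$(n8n --version)" && echo patched || echo "affected or unknown"
#        n8n_hardened_run 2.9.3
```

Binding to 127.0.0.1 assumes a reverse proxy terminates TLS on the host; put egress filtering on `n8n-net` according to which external APIs your workflows genuinely need, since a fully internal network would also block legitimate HTTP nodes.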
