Washington | A major cybersecurity concern has emerged for the global technology community after a critical vulnerability was discovered in the automation platform n8n. A U.S. cybersecurity agency has issued a warning about the flaw and added it to a list of vulnerabilities that are actively being exploited by cybercriminals.
Security experts say the flaw is extremely serious because it could allow attackers to run malicious code remotely on affected systems, potentially giving them full control over the compromised environment. The vulnerability has been tracked as CVE-2025-68613 and is considered to be in the highest severity category.
According to available information, the issue is linked to the workflow expression system used by n8n. This system is responsible for automating various processes within the platform. Due to the security weakness, an attacker who gains access to the system could exploit the flaw through an expression injection technique to trigger remote code execution.
Experts warn that successful exploitation could allow cyber attackers to access sensitive information stored on the affected server. In addition, they could modify workflows, execute system-level commands and in some cases gain complete control over the entire server environment.
The cybersecurity agency has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, a list that includes vulnerabilities confirmed to be actively abused in real-world cyberattacks. This marks the first vulnerability affecting n8n to be included in the KEV database.
Developers of the n8n platform had already addressed the issue in an update released in December 2025. The company rolled out patched versions of the software and advised users to upgrade their systems immediately. However, despite the availability of the fix, a large number of servers are still running outdated and vulnerable versions.
Cybersecurity monitoring groups estimate that more than 24,700 n8n instances remain exposed on the internet without proper patches. A significant portion of these systems are located in North America and Europe. Data suggests that approximately 12,300 systems are in North America, while around 7,800 are located across Europe.
Experts say the presence of such a large number of unpatched servers creates a major opportunity for cybercriminals. If attackers exploit this vulnerability on a large scale, they could potentially gain access to the networks of numerous organizations and businesses.
Meanwhile, cybersecurity researchers have also identified two additional critical vulnerabilities affecting the n8n platform. One of them has been tracked as CVE-2026-27577, which is described as another serious flaw related to the same workflow expression evaluation system. According to experts, this vulnerability could also enable remote code execution attacks.
Security analysts point out that workflow automation platforms have become an important part of the digital infrastructure of many organizations. Any weakness in such systems can directly affect business operations, sensitive data and internal processes.
A cybersecurity researcher said organizations should regularly update their software and closely monitor internet-facing servers. Failure to apply security patches on time can turn even a minor vulnerability into a major cyber incident.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh said,
“Cybercriminals increasingly scan the internet for vulnerable software and poorly configured servers.” According to him, once a critical vulnerability becomes public, hackers often deploy automated tools to locate exposed systems across the internet and exploit them quickly.
Experts have advised organizations and IT administrators to immediately install the latest versions of n8n and conduct thorough security audits of their systems. They have also recommended limiting unnecessary internet exposure and strengthening network security controls to prevent potential cyberattacks.
