CISA added n8n vulnerability CVE-2025-68613 (CVSS 9.9) to its Known Exploited Vulnerabilities catalog on March 12, 2026, ordering federal agencies to patch by March 25. The critical flaw lets an authenticated attacker execute arbitrary code and steal stored credentials through expression injection. Yet over 24,700 instances remain exposed online despite the patch having been available since December 2025, 12,300 of them in North America and 7,800 in Europe, which points to a systemic failure in self-hosted software maintenance.
Complete Server Compromise Through Expression Injection
The vulnerability stems from insufficient sandboxing of the JavaScript expressions that n8n evaluates inside workflow definitions. An authenticated attacker can supply a crafted expression that escapes the intended sandbox and runs arbitrary system commands with the privileges of the n8n process. In practical terms, that means complete compromise of the host.
What makes this particularly dangerous is what n8n does. As a workflow automation platform, n8n stores credentials for every service it connects to: API keys for cloud providers, database passwords, OAuth tokens for SaaS applications, and authentication secrets for internal systems. Those credentials are encrypted at rest, but the running n8n process holds the key needed to decrypt them, so code execution as that process is enough to read them all. A compromised n8n instance therefore doesn't just give attackers access to one server. It gives them access to everything that instance connects to.
The attack requires authentication but not elevated privileges: any user permitted to create or edit workflows (a capability commonly granted to developers, DevOps engineers, and automation owners) can exploit the flaw, so a single compromised or phished account with workflow edit rights is all an attacker needs. The technical details are documented in CVE-2025-68613, which carries a CVSS score of 9.9 out of 10.
24,700 Vulnerable Instances After Three Months
n8n released the patch in December 2025 with version 1.122.0, addressing the vulnerability in versions 0.211.0 through 1.120.4 and 1.121.0 through 1.121.1. That was three months ago. Yet according to Shadowserver Foundation scanning data, over 24,700 unpatched instances were still exposed online as of early February 2026.
The geographic distribution tells a story about where self-hosted infrastructure tools see the most deployment. Specifically, 12,300 instances are in North America (49.8%), 7,800 in Europe (31.6%), and roughly 4,600 in other regions. These are production systems running workflow automation for real organizations, and they’re all vulnerable to complete compromise.
CISA doesn’t add vulnerabilities to the KEV catalog lightly. Addition requires an assigned CVE identifier, reliable evidence of active exploitation in the wild, and clear remediation guidance such as a vendor patch. When CISA orders federal agencies to remediate a vulnerability within two weeks, as it did on March 12, that is a signal that exploitation is confirmed and ongoing, not hypothetical.
Developers Building Automation Aren’t Automating Security
The irony is hard to miss. n8n exists to automate workflows. Developers use it to connect systems, trigger actions, and eliminate manual processes. Yet the operators of those 24,700 exposed instances are not automating their own security updates. Three months after a critical patch became available, the vast majority of exposed instances remain unpatched.
This isn’t unique to n8n. Self-hosted software suffers from a “set it and forget it” problem. Organizations deploy infrastructure tools, get them working, and move on to the next project. There’s no central visibility, no automated patching, and no one checking whether critical security updates have been applied. The software runs silently in the background until something breaks, or until CISA forces action with a federal mandate.
The reasons are predictable: fear of breaking production systems, lack of time to test updates, no clear ownership for maintenance, and insufficient tracking of what’s actually deployed. Developers are busy, testing takes time, and “if it ain’t broke, don’t fix it” becomes the default posture. The result is a three-month gap between patch availability and enforcement action, during which attackers have free rein to exploit vulnerable systems.
What Developers Should Do Immediately
If you’re running n8n, check your version now; `n8n --version` run in the host or container reports it, as does the image tag of a pinned Docker deployment. The official security advisory specifies that any version from 0.211.0 to 1.120.4, or 1.121.0 to 1.121.1, is vulnerable. Update to version 1.122.0 or later immediately. The update documentation provides step-by-step instructions for both self-hosted and cloud deployments.
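As an added example (not the advisory's or the n8n project's code), the following Node.js script applies the affected ranges quoted above to a version string and reports whether the instance is inside them. It assumes the version comes from `n8n --version` or from a Docker image reference such as `n8nio/n8n:1.119.1`; floating tags like `latest` and pre-release suffixes cannot be classified and are reported as unknown, and the `check-n8n-version.js` filename in the usage comment is illustrative.

```javascript
// Added example: classify an n8n version against the affected ranges quoted
// in the advisory summary (0.211.0..1.120.4 and 1.121.0..1.121.1) and the
// fixed release (1.122.0). Not n8n project code.

const AFFECTED_RANGES = [
  { from: [0, 211, 0], to: [1, 120, 4] },
  { from: [1, 121, 0], to: [1, 121, 1] },
];
const FIXED_VERSION = [1, 122, 0];

// Accepts "1.120.4", "v1.120.4" or an image reference such as
// "registry:5000/n8nio/n8n:1.120.4" (assumed input formats). Pre-release
// suffixes and floating tags like "latest" return null: resolve them to a
// concrete release before trusting any verdict.
function parseVersion(input) {
  let s = String(input).trim();
  const colon = s.lastIndexOf(':');
  if (colon !== -1) s = s.slice(colon + 1); // drop "registry/image:" prefix
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(s);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric, component-wise comparison. A plain string comparison would sort
// "1.9.0" after "1.120.4" and wrongly call it patched.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function inRange(v, range) {
  return compareVersions(v, range.from) >= 0 && compareVersions(v, range.to) <= 0;
}

// 'vulnerable': inside a listed affected range
// 'patched':    at or above the fixed release
// 'unlisted':   outside both (older than 0.211.0, or a version the advisory
//               summary does not name); confirm against the advisory itself
// 'unknown':    not a parseable release version
function classifyVersion(input) {
  const v = parseVersion(input);
  if (v === null) return 'unknown';
  if (AFFECTED_RANGES.some((r) => inRange(v, r))) return 'vulnerable';
  if (compareVersions(v, FIXED_VERSION) >= 0) return 'patched';
  return 'unlisted';
}

// Usage: node check-n8n-version.js "$(n8n --version)"
if (typeof require !== 'undefined' && require.main === module) {
  const target = process.argv[2] || 'n8nio/n8n:1.119.1'; // constructed default
  console.log(`${target}: ${classifyVersion(target)}`);
}
```

Run it once per instance you know about; an "unlisted" or "unknown" result is a prompt to look at the advisory and the running image directly, not a clean bill of health.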
Beyond patching, audit what your n8n instance connects to. Review the API keys, database credentials, and OAuth tokens stored in your workflows; that’s your blast radius if the instance is compromised. Check access logs for suspicious activity, particularly workflow modifications or unexpected authentication patterns from the period before you patched. If you find signs of compromise, or cannot rule it out, rotate every credential the instance holds, because an attacker who achieved code execution could have decrypted all of them.
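As an added example, not part of the advisory or of n8n itself, this Node.js script turns a workflow export into the blast-radius inventory just described and lists the workflows modified since a given date. It assumes the JSON shape n8n uses for exported workflows (an array of workflows, each with `name`, `nodes`, and per-node `credentials` keyed by credential type with `id` and `name`; `updatedAt` is assumed to be present in CLI exports). Verify that shape against your own `n8n export:workflow --all` output; the sample data and the `n8n-blast-radius.js` filename are constructed for the example.

```javascript
// Added example: credential blast-radius inventory from an n8n workflow
// export. Assumed export shape (verify against your own export):
//   [{ name, updatedAt?, nodes: [{ name, type,
//        credentials?: { <credentialType>: { id, name } } }] }]
// Not n8n project code.

// Constructed sample export: two workflows sharing one AWS credential.
const SAMPLE_EXPORT = [
  {
    name: 'Nightly S3 backup',
    updatedAt: '2026-01-20T02:14:00.000Z',
    nodes: [
      { name: 'Cron', type: 'n8n-nodes-base.scheduleTrigger' },
      { name: 'Upload', type: 'n8n-nodes-base.awsS3',
        credentials: { aws: { id: 'cred-aws-1', name: 'prod-aws' } } },
    ],
  },
  {
    name: 'Ticket sync',
    updatedAt: '2025-11-02T09:00:00.000Z',
    nodes: [
      { name: 'Fetch tickets', type: 'n8n-nodes-base.httpRequest',
        credentials: { httpHeaderAuth: { id: 'cred-hdr-7', name: 'helpdesk-token' } } },
      { name: 'Write to DB', type: 'n8n-nodes-base.postgres',
        credentials: { postgres: { id: 'cred-pg-3', name: 'prod-postgres' } } },
      { name: 'Archive', type: 'n8n-nodes-base.awsS3',
        credentials: { aws: { id: 'cred-aws-1', name: 'prod-aws' } } },
    ],
  },
];

// A single-workflow export is one object rather than an array.
function normalizeExport(data) {
  return Array.isArray(data) ? data : [data];
}

// Returns [{ type, id, name, workflows: [...], nodeCount }], sorted so the
// credentials used by the most workflows (largest blast radius) come first.
function credentialInventory(data) {
  const byKey = new Map();
  for (const wf of normalizeExport(data)) {
    for (const node of wf.nodes || []) {
      for (const [type, ref] of Object.entries(node.credentials || {})) {
        const key = `${type}:${ref.id}`;
        let entry = byKey.get(key);
        if (!entry) {
          entry = { type, id: ref.id, name: ref.name, workflows: new Set(), nodeCount: 0 };
          byKey.set(key, entry);
        }
        entry.workflows.add(wf.name);
        entry.nodeCount += 1;
      }
    }
  }
  return [...byKey.values()]
    .map((e) => ({ ...e, workflows: [...e.workflows].sort() }))
    .sort((a, b) => b.workflows.length - a.workflows.length || a.name.localeCompare(b.name));
}

// Workflows last modified on or after `sinceIso`. The window between the
// patch shipping and your own upgrade is the one to review for tampering.
function workflowsModifiedSince(data, sinceIso) {
  const since = Date.parse(sinceIso);
  return normalizeExport(data)
    .filter((wf) => wf.updatedAt && Date.parse(wf.updatedAt) >= since)
    .map((wf) => wf.name)
    .sort();
}

// Usage: node n8n-blast-radius.js workflows.json 2025-12-01T00:00:00Z
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('fs');
  const data = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_EXPORT;
  const since = process.argv[3] || '2025-12-01T00:00:00Z'; // month the fix shipped
  for (const c of credentialInventory(data)) {
    console.log(`${c.type} "${c.name}" (${c.id}): ${c.workflows.length} workflow(s), ${c.nodeCount} node(s)`);
  }
  console.log(`Modified since ${since}: ${workflowsModifiedSince(data, since).join(', ') || 'none'}`);
}
```

The inventory is the rotation list if you decide the instance may have been compromised: a credential shared across many workflows is both the most valuable target and the most disruptive to rotate, so it belongs at the top of the plan rather than the bottom.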
Federal agencies have until March 25 to comply with CISA’s directive. However, everyone else should treat this with the same urgency. A CVSS 9.9 vulnerability with active exploitation and a three-month-old patch isn’t a theoretical risk. It’s an ongoing attack that you’re either protected against or exposed to.
The broader lesson is that self-hosted infrastructure tools need the same rigor applied to application code. Ultimately, automated patching, centralized visibility, and regular security audits aren’t optional extras. They’re the baseline for operating critical automation infrastructure, even when that infrastructure is “just” a workflow tool running quietly in the background.

