CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

2026-03-12

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

CISA has added a critical remote code execution vulnerability in n8n (CVE-2025-68613) to its Known Exploited Vulnerabilities catalog, with over 24,700 unpatched instances still exposed online.

•CVE-2025-68613 carries a CVSS score of 9.9 and stems from expression injection in n8n's workflow expression evaluation system
•The flaw was patched in December 2025 in n8n versions 1.120.4, 1.121.1, and 1.122.0
•An authenticated attacker can exploit the vulnerability to execute arbitrary code with the privileges of the n8n process, potentially compromising the entire instance
•Over 12,300 of the exposed instances are in North America and 7,800 in Europe as of early February 2026
•FCEB agencies are mandated to patch by March 25, 2026; Pillar Security also disclosed a related critical flaw CVE-2026-27577 (CVSS 9.4)

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture