[Security Vulnerability Alert] n8n has 4 critical security vulnerabilities (CVE-2025-68613, CVE-2025-68668, CVE-2026-21877, CVE-2026-21858)

 
2026/1/16 ~ 2026/7/16

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center, Cybersecurity Alert TWCERTCC-200-202601-00000014

[Content Description]
n8n is an open-source workflow automation tool that connects various applications through a visual drag-and-drop interface, automating repetitive tasks without requiring code. n8n recently published several major security vulnerability announcements.

【CVE-2025-68613, CVSS: 9.9】 This is a remote code execution vulnerability. Under certain conditions, it allows an authenticated attacker to execute arbitrary code with the privileges of the n8n process.

【CVE-2025-68668, CVSS: 9.9】 Due to a sandbox bypass vulnerability in n8n's Python Code node, which uses Pyodide, an authenticated attacker with permission to create or modify workflows can execute arbitrary commands on the n8n server with the same privileges as the n8n process.

【CVE-2026-21877, CVSS: 10.0】 This vulnerability allows an authenticated attacker to execute malicious code through the n8n service, resulting in complete system compromise.

【CVE-2026-21858, CVSS: 10.0】 This vulnerability allows an unauthenticated attacker to access underlying server files by executing certain form-based workflows, leading to the leakage of sensitive data stored in the system.

[Affected Platforms]
n8n versions 0.211.0 to 1.120.4 (excluding 1.120.4) and earlier
n8n version 1.121.0
n8n versions 1.0.0 to 2.0.0 (excluding 2.0.0) and earlier
n8n versions 0.121.2 (including 0.121.2) and earlier
n8n versions 1.65.0 to 1.121.0 (excluding 1.121.0) and earlier

[Recommended Actions]
【CVE-2025-68613】 Please update to the following versions: n8n 1.120.4, 1.121.1, 1.122.0
【CVE-2025-68668】 Please update to the following version: n8n 2.0.0
【CVE-2026-21877】 Please update to the following version: n8n 1.121.3
【CVE-2026-21858】 Please update to the following version: n8n 1.121.0
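
The fixed releases above sit on several release lines, so a plain "newer than 1.120.4" comparison can mislead: 1.121.0 is a higher version number yet is still listed as affected. The following Python check is an added example, not code from TWCERT/CC or n8n. It uses only the fixed versions listed above, ignores the lower bounds under [Affected Platforms], and assumes that any release at or above the highest listed fixed version carries the fix.

```python
import re

# Fixed releases copied from [Recommended Actions] on this page.
# Several entries for one CVE mean the fix shipped on several release lines.
FIXED = {
    "CVE-2025-68613": ["1.120.4", "1.121.1", "1.122.0"],
    "CVE-2025-68668": ["2.0.0"],
    "CVE-2026-21877": ["1.121.3"],
    "CVE-2026-21858": ["1.121.0"],
}


def parse(version):
    """Turn 'v1.121.0' or '1.121.0' into (1, 121, 0); reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a plain x.y.z version: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_fixed(installed, fixed_versions):
    """True if `installed` contains the fix, comparing per release line."""
    v = parse(installed)
    fixes = sorted(parse(f) for f in fixed_versions)
    # Assumption: releases at or above the newest listed fix include it.
    if v >= fixes[-1]:
        return True
    # Below that, only a backport on the same major.minor line counts.
    return any(v[:2] == f[:2] and v >= f for f in fixes)


def missing_fixes(installed):
    """Return the CVEs from this advisory that `installed` still lacks a fix for."""
    return sorted(cve for cve, fixes in FIXED.items()
                  if not is_fixed(installed, fixes))


if __name__ == "__main__":
    # Constructed sample inventory; replace with the versions actually deployed.
    for ver in ["1.120.4", "1.121.0", "1.121.3", "2.0.0"]:
        gaps = missing_fixes(ver)
        print(f"n8n {ver}: " + (", ".join(gaps) if gaps else "all four fixes present"))
```
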

[References]
1. https://www.twcert.org.tw/tw/cp-169-10636-1fa36-1.html
