【Vulnerability Alert】Four Critical Security Vulnerabilities Have Been Identified in n8n (CVE-2025-68613) (CVE-2025-68668) (CVE-2026-21877) (CVE-2026-21858)

Publish date: 2026-01-23
Update date: 2026-01-23

Source: Ministry of education information & communication security contingency platform


Publication Number: TACERT-ANA-2026011501012222
Publication Time: 2026/01/15 13:44
Incident Type: ANA-Vulnerability Alert
Discovery Time:
Impact Level: Low
[Subject]
【Vulnerability Alert】Four Critical Security Vulnerabilities Have Been Identified in n8n (CVE-2025-68613) (CVE-2025-68668) (CVE-2026-21877) (CVE-2026-21858)

[Content]
Forwarded from TWCERTCC-200-202601-00000014

n8n is an open-source workflow automation tool that connects multiple applications through a visual drag-and-drop interface, enabling the automation of repetitive tasks without the need for coding. Recently, n8n released multiple critical security advisories.

【CVE-2025-68613, CVSS: 9.9】This is a remote code execution vulnerability that, under specific conditions, allows authenticated attackers to execute arbitrary code with the privileges of the n8n process.

【CVE-2025-68668, CVSS: 9.9】Due to a sandbox escape vulnerability in the Python code node using Pyodide in n8n, authenticated attackers with permissions to create or modify workflows can execute arbitrary commands on the n8n server with the same privileges as the n8n process.

【CVE-2026-21877, CVSS: 10.0】This vulnerability allows authenticated attackers to execute malicious code through the n8n service, potentially resulting in complete system compromise.

【CVE-2026-21858, CVSS: 10.0】This vulnerability allows unauthenticated attackers to access files on the underlying server by executing certain form-based workflows, leading to the leakage of sensitive data stored in the system.

(Information Sharing Level: WHITE (Information content can be publicly disclosed))

[Affected Platform]
n8n versions from 0.211.0 up to, but not including, 1.120.4

n8n version 1.121.0

n8n versions from 1.0.0 up to, but not including, 2.0.0

n8n versions up to and including 0.121.2

n8n versions from 1.65.0 up to, but not including, 1.121.0
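
As an added example (not part of the original notification or of n8n), the following Python sketch checks installed n8n version strings against the ranges listed above, in page order. The notification does not map each range to a CVE, so matches are reported by range; the host names and sample inventory are constructed, and treating a pre-release as older than its release is an assumption.

```python
import re

# Ranges transcribed from [Affected Platform]: (label, lower or None, upper, upper inclusive?)
AFFECTED = [
    ("0.211.0 <= v < 1.120.4", (0, 211, 0), (1, 120, 4), False),
    ("v == 1.121.0",           (1, 121, 0), (1, 121, 0), True),
    ("1.0.0 <= v < 2.0.0",     (1, 0, 0),   (2, 0, 0),   False),
    ("v <= 0.121.2",           None,        (0, 121, 2), True),
    ("1.65.0 <= v < 1.121.0",  (1, 65, 0),  (1, 121, 0), False),
]

def parse_version(text):
    """Return (major, minor, patch, is_release) for 'v1.120.4' or '1.121.0-rc.1'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)([-+].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    # Assumption: a pre-release sorts below its release, so '1.120.4-beta' < 1.120.4.
    is_release = 0 if (m.group(4) or "").startswith("-") else 1
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), is_release)

def affected_ranges(text):
    """Labels of every listed range that contains the given version."""
    v = parse_version(text)
    hits = []
    for label, low, high, high_inclusive in AFFECTED:
        above = low is None or v >= low + (1,)
        below = v <= high + (1,) if high_inclusive else v < high + (1,)
        if above and below:
            hits.append(label)
    return hits

def triage(inventory):
    """Map host -> matching ranges (or a manual-check note) for hosts needing attention."""
    report = {}
    for host, version in inventory.items():
        try:
            hits = affected_ranges(version)
        except ValueError as exc:
            hits = [f"check manually: {exc}"]
        if hits:
            report[host] = hits
    return report

# Constructed inventory for illustration; not data from the notification.
SAMPLE = {"wf-prod": "1.119.2", "wf-lab": "v1.121.0", "wf-new": "2.0.0",
          "wf-old": "0.98.1", "wf-rc": "1.120.4-beta.1", "wf-odd": "latest"}

if __name__ == "__main__":
    for host, hits in triage(SAMPLE).items():
        print(host, "->", "; ".join(hits))
```

Unparseable version strings such as image tags are flagged for manual review rather than silently treated as unaffected.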

[Recommended Actions]
【CVE-2025-68613】Please update to one of the following versions: n8n version 1.120.4, 1.121.1, or 1.122.0

【CVE-2025-68668】Please update to the following version: n8n version 2.0.0

【CVE-2026-21877】Please update to the following version: n8n version 1.121.3

【CVE-2026-21858】Please update to the following version: n8n version 1.121.0

[Reference]
https://www.twcert.org.tw/tw/cp-169-10636-1fa36-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center