Threat Intelligence / CVE / CVE-2026-25052

CVE-2026-25052

CVSS 9.9 (CRITICAL) · EPSS 0.0% · Published 2026-02-04

n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. This issue has been patched in versions 1.123.18 and 2.5.0.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-367, NVD-CWE-Other

Threats tracking this CVE

n8n Multi-CVE Vulnerability Cascade — Expression Sandbox Escape, Pyodide RCE, Arbitrary File Write, Command Injection (9 CVEs, 2× CVSS 10.0) — CRITICAL

References

https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc

Full detection coverage & IOCs for threats exploiting CVE-2026-25052 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence