
N8n 2.4.0 security update for sandbox-escape flaw (CVE-2026-25049)

Security Patch Release
Happening score: 49
1 unique source, 1 article

Summary


n8n released version 2.4.0 on January 12, 2026, fixing a sandbox-escape bypass that could let authenticated workflow editors achieve remote code execution on affected servers. The update came after developers confirmed the bypass on December 30. Because the flaw could lead to full host compromise, the release is a security-critical update for exposed n8n deployments. Operators that cannot upgrade immediately should treat the vendor workaround as only a temporary mitigation.

Related Happenings

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
First: 27.05.2026 13:06 Last: 27.05.2026 13:06 Sources 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Cisco Secure Workload REST API patch release (CVE-2026-20223)

Security Patch Release
First: 22.05.2026 08:36 Last: 22.05.2026 08:36 Sources 1

About this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

F5 security patch release for CVE-2026-42945

Security Patch Release
First: 14.05.2026 09:00 Last: 14.05.2026 09:00 Sources 1

About this happening: F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...

Latest development: 17.05.2026 14:57

VulnCheck reported active exploitation of CVE-2026-42945 against NGINX Plus and NGINX Open, saying honeypot networks saw weaponized crafted HTTP requests that can crash worker processes and, when ASLR is disabled, enable remote code execution.

Timeline

  1. 04.02.2026 23:14 1 article · 3mo ago

    Researchers demonstrate a chained sandbox bypass in n8n

    Technical Analysis Update

    Researchers demonstrated to n8n maintainers that a chained bypass in the workflow-expression sandbox could escape to the Node.js global object and reach remote code execution on the n8n server for an authenticated workflow editor.

  2. 04.02.2026 23:14 1 article · 3mo ago

    Initial n8n fix leaves a second escape path

    Mitigation Patch Update

    A fix was implemented for the n8n sandbox-escape issue, but further analysis showed the patch was incomplete and a second escape path using equivalent operations could still reach arbitrary code execution.

  3. 04.02.2026 23:14 1 article · 3mo ago

    n8n confirms the bypass

    Technical Analysis Update

    n8n developers confirmed the bypass affecting the workflow-expression sandbox, validating that weak sanitization and AST-based sandboxing could still be used against the platform.

  4. 04.02.2026 23:14 1 article · 3mo ago

    CVE-2026-25049 is publicly disclosed

    Initial Disclosure

    Researchers publicly disclosed CVE-2026-25049 in n8n, describing critical sanitization bypasses that enabled remote code execution, credential theft, filesystem access, pivoting into connected cloud and internal systems, and multi-tenant data exposure; they also noted no public exploitation reports and recommended upgrading to the fixed releases 1.123.17 and 2.5.2.
