Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA orders FCEB agencies to patch n8n by March 25, 2026

Public Sector Action
First reported
Last updated
Happening score
H score 71
1 unique sources, 1 articles

Summary

Hide ▲

CISA ordered FCEB agencies to patch their n8n instances by March 25, 2026, turning a vulnerable workflow-automation platform into a federal remediation deadline. The mandate is tied to Binding Operational Directive 22-01, issued in November 2021, and applies after evidence of active exploitation. The order matters because unpatched n8n deployments can face remote code execution and full instance compromise.

Related Happenings

Trump executive order sets federal PQC migration deadlines

Public Sector Action
H score23 First: 23.06.2026 18:16 Last: 23.06.2026 18:16 Sources 1

About this happening: President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...

CISA orders FCEB Ivanti Sentry remediation under BOD 26-04

Public Sector Action
H score36 First: 12.06.2026 11:26 Last: 12.06.2026 11:26 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...

CISA KEV order for FCEB remediation of CVE-2026-50751

Public Sector Action
H score43 First: 09.06.2026 11:18 Last: 09.06.2026 11:18 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
H score40 First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

CISA KEV listing and FCEB firewall directive for CVE-2026-0300

Public Sector Action
H score64 First: 07.05.2026 13:57 Last: 07.05.2026 13:57 Sources 1

About this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...

Timeline

  1. 12.03.2026 07:18 2 articles · 3mo ago

    CISA orders FCEB n8n patching

    Legal Policy Action Update

    CISA ordered Federal Civilian Executive Branch agencies to patch their n8n instances by March 25, 2026 under Binding Operational Directive 22-01 after evidence of active exploitation of CVE-2025-68613, a CVSS 9.9 expression-injection flaw that can lead to remote code execution. n8n had already patched the issue in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0, and more than 24,700 unpatched instances were exposed online as of early February 2026.

    Show sources