CISA orders FCEB agencies to patch n8n by March 25, 2026
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered FCEB agencies to patch their n8n instances by March 25, 2026, turning a vulnerable workflow-automation platform into a federal remediation deadline. The mandate is tied to Binding Operational Directive 22-01, issued in November 2021, and applies after evidence of active exploitation. The order matters because unpatched n8n deployments can face remote code execution and full instance compromise.
Related Happenings
CISA emergency patch deadline for Ivanti EPMM
Public Sector Action
First: 08.05.2026 15:16
Last: 08.05.2026 15:16
Sources 1
About this happening:
CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
CISA emergency patch deadline for Ivanti EPMM
Public Sector ActionAbout this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector Action
First: 07.05.2026 13:57
Last: 07.05.2026 13:57
Sources 1
About this happening:
**CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
CISA KEV order for BlueHammer patching
Public Sector Action
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
CISA KEV order for BlueHammer patching
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
CISA KEV directive for CVE-2026-20133
Public Sector Action
First: 21.04.2026 15:30
Last: 21.04.2026 15:30
Sources 1
About this happening:
On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...
CISA KEV directive for CVE-2026-20133
Public Sector ActionAbout this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...
CISA Apache ActiveMQ CVE-2026-34197 mitigation order
Advisory/Mitigation
First: 21.04.2026 14:17
Last: 21.04.2026 14:17
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure **Apache ActiveMQ** servers by **April 30** after **CVE-2026-34197** was confirmed **actively exploited**. The flaw can allow **arbitr...
CISA Apache ActiveMQ CVE-2026-34197 mitigation order
Advisory/MitigationAbout this happening: **CISA** ordered **FCEB agencies** to secure **Apache ActiveMQ** servers by **April 30** after **CVE-2026-34197** was confirmed **actively exploited**. The flaw can allow **arbitr...
Timeline
-
12.03.2026 07:18 2 articles · 2mo ago
CISA orders FCEB n8n patching
Legal Policy Action UpdateCISA ordered Federal Civilian Executive Branch agencies to patch their n8n instances by March 25, 2026 under Binding Operational Directive 22-01 after evidence of active exploitation of CVE-2025-68613, a CVSS 9.9 expression-injection flaw that can lead to remote code execution. n8n had already patched the issue in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0, and more than 24,700 unpatched instances were exposed online as of early February 2026.
Show sources
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed — thehackernews.com — 12.03.2026 07:18
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed — thehackernews.com — 12.03.2026 07:18