CISA orders FCEB agencies to patch n8n by March 25, 2026
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered FCEB agencies to patch their n8n instances by March 25, 2026, turning a vulnerable workflow-automation platform into a federal remediation deadline. The mandate is tied to Binding Operational Directive 22-01, issued in November 2021, and applies after evidence of active exploitation. The order matters because unpatched n8n deployments can face remote code execution and full instance compromise.
Related Happenings
Trump executive order sets federal PQC migration deadlines
Public Sector Action
H score23
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
Trump executive order sets federal PQC migration deadlines
Public Sector ActionAbout this happening: President Trump signed **EO 14409**, ordering **federal agencies** to migrate **high-value assets** and **high-impact systems** to **post-quantum cryptography** on a fixed schedul...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector Action
H score36
First: 12.06.2026 11:26
Last: 12.06.2026 11:26
Sources 1
About this happening:
**CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA orders FCEB Ivanti Sentry remediation under BOD 26-04
Public Sector ActionAbout this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...
CISA KEV order for FCEB remediation of CVE-2026-50751
Public Sector Action
H score43
First: 09.06.2026 11:18
Last: 09.06.2026 11:18
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...
CISA KEV order for FCEB remediation of CVE-2026-50751
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...
CISA emergency patch deadline for Ivanti EPMM
Public Sector Action
H score40
First: 08.05.2026 15:16
Last: 08.05.2026 15:16
Sources 1
About this happening:
CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
CISA emergency patch deadline for Ivanti EPMM
Public Sector ActionAbout this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector Action
H score64
First: 07.05.2026 13:57
Last: 07.05.2026 13:57
Sources 1
About this happening:
**CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
Timeline
-
12.03.2026 07:18 2 articles · 3mo ago
CISA orders FCEB n8n patching
Legal Policy Action UpdateCISA ordered Federal Civilian Executive Branch agencies to patch their n8n instances by March 25, 2026 under Binding Operational Directive 22-01 after evidence of active exploitation of CVE-2025-68613, a CVSS 9.9 expression-injection flaw that can lead to remote code execution. n8n had already patched the issue in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0, and more than 24,700 unpatched instances were exposed online as of early February 2026.
Show sources
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed — thehackernews.com — 12.03.2026 07:18
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed — thehackernews.com — 12.03.2026 07:18