
CISA Sounds the Alarm: n8n Automation Platform Under Active Attack as 24,700 Instances Sit Exposed

CISA added CVE-2025-68613 to KEV after confirming active exploitation of n8n automation platform. Five critical RCE vulnerabilities (CVSS 9.4-9.5) allow credential theft via encryption key extraction. 24,700 instances exposed. Federal deadline: March 25, 2026.

By Danny, Mar 12, 2026

If you have ever set up an n8n instance to automate workflows and then promptly forgotten about it, now would be an excellent time to remember. CISA added CVE-2025-68613 to its Known Exploited Vulnerabilities catalog on March 11, 2026, which means someone out there is actively using this bug to break into systems. The federal deadline for remediation is March 25, giving organizations exactly two weeks to patch or face the music.

The vulnerability in question allows attackers to achieve remote code execution through n8n's workflow expression evaluation system. For the uninitiated, n8n is an open-source workflow automation platform that has become wildly popular for connecting apps, automating tasks, and generally making life easier for developers and operations teams. It is the kind of tool that gets spun up for a quick project and then quietly runs in the background, sometimes for years, often without anyone checking whether it has been updated recently.

According to security researchers, approximately 24,700 n8n instances remain exposed on the internet as of this week. That is 24,700 potential entry points for attackers who now have a known, working exploit path. The math here is not complicated.

The situation gets more interesting when you look at the full scope of what n8n disclosed in late February and early March. Beyond CVE-2025-68613, researchers at Pillar Security identified four additional critical vulnerabilities that deserve your attention. CVE-2026-27577 carries a CVSS score of 9.4 and involves a sandbox escape in the expression compiler: a missing case in the AST rewriter lets the process object slip through untransformed, so any authenticated user who can write an expression gets full RCE. CVE-2026-27493 scores even higher at 9.5 and represents what the researchers describe as a "double-evaluation bug" in n8n's Form nodes.

The Form node vulnerability is particularly nasty because those endpoints are public by design. They require neither authentication nor an n8n account. An attacker can submit a payload through a simple "Contact Us" form, and if the stars align correctly, they execute arbitrary shell commands on the server. Pillar Security demonstrated they could weaponize this in under four minutes using a public form field.

But wait, there is more. CVE-2026-27495 and CVE-2026-27497 round out the critical quartet. The first involves a code injection vulnerability in the JavaScript Task Runner sandbox that allows authenticated users to break out of the sandbox boundary and execute arbitrary code. The second affects the Merge node's SQL query mode, enabling authenticated users to execute arbitrary code and write arbitrary files to the n8n server.

Here is the part that should make security teams lose sleep: successful exploitation of these vulnerabilities allows attackers to read the N8N_ENCRYPTION_KEY environment variable. With that key in hand, they can decrypt every credential stored in n8n's database. We are talking about AWS keys, database passwords, OAuth tokens, and API keys. In a typical enterprise environment, n8n might be connected to dozens of services, each with its own set of credentials. Compromising that single n8n instance could cascade into access across the entire technology stack.

The affected versions span both self-hosted and cloud deployments, though n8n has released patches. Versions 2.10.1, 2.9.3, and 1.123.22 address all of the critical issues. For organizations that cannot patch immediately, n8n recommends a series of mitigations that essentially boil down to limiting who can create or modify workflows, deploying n8n in hardened environments with restricted privileges, and considering whether certain nodes should be disabled entirely by adding them to the NODES_EXCLUDE environment variable.

The timing of CISA's addition to the KEV catalog suggests that exploitation moved beyond proof-of-concept relatively quickly. When federal agencies start setting two-week deadlines, it usually means the threat has progressed from theoretical to very real.

For managed service providers and IT teams, this is exactly the kind of vulnerability that falls through the cracks. n8n is often deployed by developers or operations folks who needed to automate something quickly. It might not be in the official asset inventory. It might be running on an old VM that nobody remembers provisioning. It might be exposed to the internet because someone needed to trigger a webhook from an external service three years ago.

The recommendation here is straightforward but requires action: find every n8n instance in your environment, determine whether it is running a vulnerable version, and either patch it or implement the recommended mitigations. If you discover instances you did not know existed, that itself is a finding worth documenting.
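A version-triage helper for that inventory pass, added here as an example (it is not n8n's, CISA's or the researchers' own tooling). It assumes you already have each instance's version string from the asset inventory or the admin UI, uses only the fix versions named above, and deliberately flags release lines newer than those fixes as "verify" rather than guessing.

```python
"""Triage n8n version strings against the patched releases named in the advisory."""
import re

# Patched versions from the advisory, keyed by release line (major, minor).
FIXED_VERSIONS = {
    (2, 10): (2, 10, 1),
    (2, 9): (2, 9, 3),
    (1, 123): (1, 123, 22),
}


def parse_version(text):
    """Parse 'v1.123.5' or '1.123.5-rc.1' into a (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def _fmt(v):
    return ".".join(str(x) for x in v)


def triage(version_text):
    """Return (status, recommended_version) for one instance.

    'patched'    at or above the fix for its own release line
    'vulnerable' below the fix; recommended_version is the release to move to
    'verify'     on a line newer than any listed fix; not covered here, confirm with vendor
    """
    v = parse_version(version_text)
    line = v[:2]
    same_major = sorted(l for l in FIXED_VERSIONS if l[0] == line[0])
    if line in FIXED_VERSIONS:
        fix = FIXED_VERSIONS[line]
        return ("patched", None) if v >= fix else ("vulnerable", _fmt(fix))
    if same_major and line > same_major[-1]:
        return ("verify", None)
    # Older line (or a major with no listed fix): there is no fix on its own line,
    # so move to the lowest fixed line of the same major, else the newest overall.
    target = same_major[0] if same_major else max(FIXED_VERSIONS)
    return ("vulnerable", _fmt(FIXED_VERSIONS[target]))


def triage_inventory(inventory):
    """inventory: list of (host, version) pairs; returns rows that need action."""
    rows = [(host, *triage(ver)) for host, ver in inventory]
    return [r for r in rows if r[1] != "patched"]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders, not real systems.
    sample = [("automation-01.internal", "1.123.22"), ("legacy-vm-07.internal", "v1.88.0"),
              ("dev-box.internal", "2.10.0"), ("ops.internal", "2.11.0")]
    for row in triage_inventory(sample):
        print(*row)
```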

The 24,700 exposed instances number will drop over the coming weeks as organizations respond to CISA's alert. The question is whether your organization's instances will be among the patched ones or among the compromised ones. With attackers already actively exploiting this vulnerability, the window for action is closing faster than anyone would like.

Target Sectors

Technology, Enterprise, All Industries

Tags

n8n, CISA KEV, RCE, Sandbox Escape, Automation, Workflow, CVE-2025-68613, CVE-2026-27577, CVE-2026-27493, Credential Theft