cve detail

CVE-2025-68613

naam

n8n Improper Control of Dynamically-Managed Code Resources Vulnerability

n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.

KEV

bekend misbruikt

EPSS

82%

percentiel

99%

vendor

n8n

product

n8n

toegevoegd aan KEV

11 mrt 2026

due date

25 mrt 2026

ransomware

Unknown

CWE

CWE-913

EPSS datum

12 mei 2026

aanbevolen actie

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notities

https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613