n8n: Attacks observed targeting vulnerability in automation tool
Attacks are currently targeting a vulnerability in the automation tool n8n. Updates have been available since January.
Attacks are currently targeting the AI-powered automation software n8n. Malicious actors are exploiting a security vulnerability in the process automation tool that has been known since January.
The US cybersecurity authority CISA is currently warning about this and has added the vulnerability CVE-2025-68613 to its “Known Exploited Vulnerabilities” catalog. The flaw became known at the beginning of the year and can be chained with other vulnerabilities to enable the execution of arbitrary system commands. Its CVSS score of 8.8 rates the risk as only “high”; however, a proof-of-concept exploit (PoC) has already shown the chain to the security vulnerability named “Ni8mare,” CVE-2026-21858 (CVSS 10, risk “critical”).
As usual, CISA does not provide further details on the observed attacks. Both their scope and the specific attack methods remain unclear. Consequently, no indicators of compromise (IOCs) are available to identify successful attacks.
n8n: Numerous vulnerable systems online
However, there appear to be numerous inadequately secured n8n systems on the internet. The Shadowserver Foundation measured between late December 2025 and early February 2026 how many systems are vulnerable to “Ni8mare”: at the beginning of February, there were still 24,607 systems worldwide, 7,878 of them in Europe. At the end of February, further vulnerabilities were discovered in n8n, including three classified as critical. Pillar Security has published a detailed analysis of one of them, CVE-2026-27493 (CVSS 4.0 score 9.5, risk “critical”). According to Pillar, more than 50,000 potentially vulnerable endpoints were found online for this zero-click vulnerability, which allows code injection. The analysis also states that more than 230,000 organizations use n8n and that the Docker containers have been pulled more than 100 million times.
IT managers running n8n instances in their organization should therefore ensure they are using the patched versions (2.10.1, 2.9.3 or 1.123.22 for the respective release branches, or the current, even newer versions). Furthermore, the tool should not be accessible from the internet. Restricting access within the local network to the employee workstations and systems that actually work with it also appears to be a sensible measure.
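One way to turn the advice above into an inventory check, as an added example that is not part of the article or of n8n's own tooling: it assumes the three patched versions belong to the 1.x, 2.9.x and 2.10.x release lines, and the hostnames and versions in the sample inventory are constructed.

```python
"""Audit an n8n inventory against the patched versions named above.
Added example (not n8n's or heise's code); branch mapping is an assumption."""
import re

# Minimum patched version per release branch (assumed from the versions quoted).
PATCHED_FLOORS = {
    (1,): (1, 123, 22),
    (2, 9): (2, 9, 3),
    (2, 10): (2, 10, 1),
}

def parse_version(text):
    """Parse 'v1.123.22' or '2.10.1-rc.1' into a (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(version):
    """True if at or above the patched release of its branch; 2.11+ counts as patched."""
    v = parse_version(version)
    major, minor, _ = v
    if major == 1:
        return v >= PATCHED_FLOORS[(1,)]
    if major == 2 and minor == 9:
        return v >= PATCHED_FLOORS[(2, 9)]
    if major == 2 and minor == 10:
        return v >= PATCHED_FLOORS[(2, 10)]
    return v > PATCHED_FLOORS[(2, 10)]  # 2.0..2.8 and 0.x fail, 2.11+ passes

def audit(inventory):
    """Return (host, problems) for instances that are unpatched or exposed."""
    findings = []
    for inst in inventory:
        problems = []
        if not is_patched(inst["version"]):
            problems.append("unpatched")
        if inst["internet_exposed"]:
            problems.append("internet-exposed")
        if problems:
            findings.append((inst["host"], problems))
    return findings

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    {"host": "n8n-prod.example.internal", "version": "1.123.22", "internet_exposed": False},
    {"host": "n8n-legacy.example.internal", "version": "v1.120.0", "internet_exposed": True},
    {"host": "n8n-dev.example.internal", "version": "2.10.0", "internet_exposed": False},
    {"host": "n8n-new.example.internal", "version": "2.11.0", "internet_exposed": False},
]
```

Calling `audit(SAMPLE_INVENTORY)` flags the legacy host (unpatched and internet-exposed) and the 2.10.0 dev host (unpatched); the other two pass.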
(dmk)