{"id":223048,"date":"2026-03-12T09:34:00","date_gmt":"2026-03-12T13:34:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/12\/cisa-says-n8n-critical-bug-exploited-in-real-world-attacks-the-register\/"},"modified":"2026-03-13T02:00:11","modified_gmt":"2026-03-13T06:00:11","slug":"cisa-says-n8n-critical-bug-exploited-in-real-world-attacks-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/12\/cisa-says-n8n-critical-bug-exploited-in-real-world-attacks-the-register\/","title":{"rendered":"CISA says n8n critical bug exploited in real-world attacks \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/12\/cisa_n8n_rce\/\">CISA says n8n critical bug exploited in real-world attacks \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/12\/cisa_n8n_rce\/\">https:\/\/www.theregister.com\/2026\/03\/12\/cisa_n8n_rce\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-12 09:34:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n.<\/p>\n<p>CISA urged all federal civilian executive branch (FCEB) agencies to patch CVE-2025-68613 at once because it carries a near-perfect 9.9 vulnerability score.<\/p>\n<p>The bug was first disclosed in December, and vendors such as Resecurity said that of n8n&#8217;s roughly 230,000 active users, more than 103,000 appeared to be vulnerable.<\/p>\n<p>CVE-2025-68613 can lead to RCE on the open source workflow automation platform, with potential consequences ranging from simple data theft to full-blown supply chain compromise.<\/p>\n<p>The vulnerability affects n8n and its expression evaluation engine, which are commonly used to automate operational tasks across systems.<\/p>\n<p>n8n&#8217;s advisory states that, under certain conditions, authenticated attackers can inject payloads into expressions that are then executed without validation.<\/p>\n<p>&#8220;Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations,&#8221; it said.<\/p>\n<p>In plain terms, it means that an attacker with access to a low-privilege account could assume control of the entire n8n instance and abuse it to potentially access secrets such as passwords or push malicious code by modifying workflows, among other nastiness.<\/p>\n<p>n8n patched the bug in v1.122.0, but given CISA&#8217;s notice adding it to the KEV list, it seems as though some orgs have not been upgrading.<\/p>\n<p>FCEB agencies have until March 25 to ensure they&#8217;re running the safe version.<\/p>\n<p>The project maintainers have endured some difficult weeks since CVE-2025-68613 was first disclosed. Although the patch for the 9.9 vulnerability worked, the project&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/12\/cisa_n8n_rce\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA says n8n critical bug exploited in real-world attacks \u2022 The Register https:\/\/www.theregister.com\/2026\/03\/12\/cisa_n8n_rce\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":223049,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2025\/10\/14\/shutterstock_2010923726.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-223048","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/223048"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=223048"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/223048\/revisions"}],"predecessor-version":[{"id":223050,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/223048\/revisions\/223050"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/223049"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=223048"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=223048"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=223048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}