Integration Hub Compromise & Lateral Movement

Exploitation of centralized automation platforms to extract credentials from workflow variable vaults and achieve unauthorized access to integrated systems including databases, APIs, cloud services, and identity providers.

n8n CVE-2025-68613: Expression Injection Enables Arbitrary Code Execution on 103,476 Workflow Automation Instances

Jan 4, 2026

—

by

Peter Chofield

in Cyber News & Updates

A critical expression injection vulnerability in n8n workflow automation platform (CVSS 9.9) allows authenticated attackers to execute arbitrary code with process privileges. 103,476 exposed instances identified globally, with rapid patching required to prevent credential theft and lateral movement across integrated systems.

Integration Hub Compromise & Lateral Movement

n8n CVE-2025-68613: Expression Injection Enables Arbitrary Code Execution on 103,476 Workflow Automation Instances