Workflow Automation Platform Security

Critical architectural vulnerabilities in low-code/no-code integration platforms where automated workflow execution and credential management create lateral movement pathways across downstream enterprise systems.

1 intelligence brief← Intelligence Hub

n8n CVE-2025-68613: Expression Injection Enables Arbitrary Code Execution on 103,476 Workflow Automation Instances

A critical expression injection vulnerability in n8n workflow automation platform (CVSS 9.9) allows authenticated attackers to execute arbitrary code with process privileges. 103,476 exposed instances identified globally, with rapid patching required to prevent credential theft and lateral movement across integrated systems.

Peter Chofield

Jan 4, 2026

11–16 minutes

Workflow Automation Platform Security

n8n CVE-2025-68613: Expression Injection Enables Arbitrary Code Execution on 103,476 Workflow Automation Instances