The Hacker News reports that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical n8n flaw to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613, is an expression injection flaw that can lead to remote code execution and is scored 9.9 on CVSS; n8n patched the issue in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0.
Shadowserver Foundation data cited in the piece shows more than 24,700 unpatched instances exposed online as of early February 2026, with over 12,300 in North America and 7,800 in Europe. The article notes that CVE-2025-68613 is the first n8n vulnerability to be placed in the KEV catalog, and that Pillar Security disclosed two additional critical flaws in n8n, including CVE-2026-27577. Federal Civilian Executive Branch agencies have been ordered to patch n8n instances by 25 March 2026 under Binding Operational Directive 22-01.