CVE-2026-25049

Overview

n8n-io
n8n

04 Feb 2026

Published

04 Feb 2026

Updated

CVSS v4.0

CRITICAL (9.4)

EPSS

Pending

MITRE

KEV

Description

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue has been patched in versions 1.123.17 and 2.5.2.

Statistics

11 Posts
3 Interactions

Last activity: Last hour

Fediverse

Dark Web Informer :verified_paw: @DarkWebInformer

‼️CVE-2026-25049: N8n AI Workflow Remote Code Execution

"This vulnerability allows an attacker to execute arbitrary system commands through misconfigured or insecure AI workflow execution paths. When chained correctly, it can lead to full server compromise depending on deployment configuration."

Video Credit: youtube.com/@SecureLayer7

1
2
0
11h ago

ekiledjian @edwardk

Critical n8n flaws (CVE-2026-25049) have been disclosed, allowing authenticated users to achieve remote code execution and gain complete control of the host server by bypassing sanitization mechanisms. Users are advised to update to the latest version (1.123.17 and 2.5.2) and rotate credentials to mitigate these vulnerabilities.
https://www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/

0
0
0
11h ago

Rishi @rxerium

Yet another critical vulnerability in n8n - CVE-2026-25049 (CVSS 9.4).

Vulnerability detection script here:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-25049.yaml

Patched versions are 1.123.17 / 2.5.2 as per:
https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8

0
0
0
2h ago

Bluesky

/r/netsec @r-netsec-bot.bsky.social

2026: New N8N RCE Deep Dive into CVE-2026-25049

0
0
1
10h ago

Information Security Briefly @infosecbriefly.bsky.social

Authenticated users who can create or edit n8n workflows can escape sandboxes to achieve remote code execution and full server takeover (CVE-2026-25049).

0
0
0
9h ago

ohhara @shiojiri.com

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html

0
0
1
2h ago

Information Security Briefly @infosecbriefly.bsky.social

A critical n8n vulnerability (CVE-2026-25049) allows authenticated workflow creators to execute arbitrary system commands, risking full server compromise.

0
0
0
2h ago

Bitnewsbot @bitnewsbot.bsky.social

A critical flaw (CVE-2026-25049) in the automation platform n8n enables authenticated users to execute system commands, representing a bypass for […]

0
0
0
1h ago

IT-Connect @it-connect.bsky.social

⚠️ 𝗡𝗼𝘂𝘃𝗲𝗮𝘂 𝗽𝗮𝘁𝗰𝗵 𝗻𝟴𝗻 La faille critique CVE-2026-25049 réactive une précédente vulnérabilité Retrouvez mon article à ce sujet 👇 - www.it-connect.fr/n8n-cve-2026... #n8n #infosec #nocode #cybersecurite

0
0
0
Last hour

CVE-2026-21509

Overview

Microsoft
Microsoft Office 2019

26 Jan 2026

Published

30 Jan 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

2.91%

MITRE

KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

Statistics

8 Posts
1 Interaction

Last activity: 3 hours ago

Fediverse

Günter Born @gborn

Angriffe auf Office-Schwachstelle CVE-2026-21509 durch russische APT28 beobachtet.

https://borncity.com/blog/2026/02/04/angriffe-auf-office-schwachstelle-und-auf-outlook/

1
0
1
3h ago

The IT Nerd @The_IT_Nerd

Why CVSS Scores Don’t Always Reflect an Exploit’s Actual Severity

Today we're covering Operation Neusploit, the advanced cyberespionage campaign identified by Zscaler ThreatLabz attributed with confidence to the Russia-linked APT28 (A.K.A. Fancy Bear) threat group, we're sharing this perspective on its 7.8 score. Neusploit weaponizes CVE-2026-21509, a Microsoft Office zero-day security bypass vulnerablity, to target government and executive organizations in Ukraine,…

https://itnerd.blog/2026/02/04/why-cvss-scores-dont-always-reflect-an-exploits-actual-severity/

0
0
0
18h ago

Bluesky

Virus Bulletin @virusbtn.bsky.social

Robin Dost details how APT28 uses CVE-2026-21509 in practice, relying on crafted RTF files that trigger OLE parsing without macros. The blog post walks through efficient IOC extraction from weaponised documents. blog.synapticsystems.de/apt28-geofen...

0
0
0
23h ago

Undercode Testing @undercode.bsky.social

Russian Hackers Weaponize Microsoft Office Zero-Day: A Deep Dive into CVE-2026-21509 and How to Fortify Your Defenses + Video Introduction: CVE-2026-21509 is a critical, actively exploited zero-day vulnerability in Microsoft Office that allows remote code execution via malicious DOC files.…

0
0
0
22h ago

Il Software @mm-ilsoftware-bot.bsky.social

Patch non ancora installate, exploit già in uso: il caso Office, CVE-2026-21509 e APT28 APT28 ha sfruttato lo zero-day CVE-2026-21509 in... https://www.ilsoftware.it/patch-non-ancora-installate-exploit-gia-in-uso-il-caso-office-cve-2026-21509-e-apt28/

0
0
0
18h ago

Information Security Briefly @infosecbriefly.bsky.social

Russian-state hackers weaponized Microsoft Office vulnerability CVE-2026-21509 within 48 hours to deploy encrypted, fileless in-memory backdoors against diplomatic, maritime, and transport organizations.

0
0
0
9h ago

Eyal Estrin ☁️ @eyalestrin.bsky.social

APT28 Leverages CVE-2026-21509 in Operation Neusploit #malware

0
0
0
3h ago

CVE-2026-24061

Overview

GNU
Inetutils

21 Jan 2026

Published

29 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

29.55%

MITRE

KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

4 Posts
5 Interactions

Last activity: 4 hours ago

Fediverse

pentest-tools.com @pentesttools

🚨 Active exploitation confirmed: CVE-2026-24061.

This isn't just theoretical, it's a massive exposure. With nearly 800,000 Telnet instances exposed globally across legacy IoT and outdated servers, the risk of a root-level compromise is real and immediate.

We have updated Pentest-Tools.com to help you validate your exposure:

📡 Network Scanner - detects exposed Telnet services across your internal and external perimeters, identifying potentially vulnerable GNU Inetutils daemons.

🎯 Sniper Auto-Exploiter - safely executes a proof-of-concept to confirm if the authentication bypass is actually exploitable on your systems, providing the evidence needed to prioritize an immediate fix.

⚠️ Crucial detail: This critical vulnerability exists because telnetd fails to sanitize the USER environment variable. An attacker can simply supply -f root to bypass the login prompt entirely and gain instant, unauthenticated root shell access.

Attacks are happening in real-time. Validate your risk before it becomes a root-level compromise.

#offensivesecurity #ethicalhacking #infosec #cybersecurity

Check out more details about this critical vulnerability: https://pentest-tools.com/vulnerabilities-exploits/telnet-inetutils-authentication-bypass_28759

Detect with Network Scanner: https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online

Validate with Sniper Auto-Exploiter: https://pentest-tools.com/exploit-helpers/sniper

2
2
0
17h ago

Corgi Dad @corgidad

Whatever your system is you need to patch in the fix for this CVE:

https://www.cve.org/CVERecord?id=CVE-2026-24061

The attack requires no credentials, no prior system access, and no user interaction.

Geez.

0
1
0
15h ago

Bluesky

Undercode Testing @undercode.bsky.social

The Telnet Time Bomb: How a Single Command (CVE-2026-24061) Grants Root Access and How to Defuse It + Video Introduction: A recently disclosed critical vulnerability, CVE-2026-24061, has exposed the profound dangers of legacy protocols in modern networks. This flaw in GNU telnetd, a service that…

0
0
0
21h ago

いがろぐ IGALOG🍜📷 @igalog.bsky.social

【セキュリティニュース】Synology製NASに脆弱性 - 3rdパーティ製ツールに起因、KEV登録済み（1ページ目 / 全1ページ）：Security NEXT https://www.security-next.com/180630 “CVE-2026-24061” TELNETだと・・・？

0
0
0
4h ago

CVE-2025-8088

Overview

win.rar GmbH
WinRAR

08 Aug 2025

Published

21 Oct 2025

Updated

CVSS v4.0

HIGH (8.4)

EPSS

4.61%

MITRE

KEV

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

6 Posts

Last activity: 10 hours ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

China-linked Amaranth-Dragon (APT41-associated) carried out stealthy, narrowly focused cyber espionage against Southeast Asian government and law enforcement, exploiting WinRAR CVE-2025-8088.

0
0
0
17h ago

r/blueteamsec bot @r-blueteamsec.bsky.social

Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia

0
0
2
17h ago

piggo @pigondrugs.bsky.social

~Checkpoint~ Amaranth-Dragon (APT-41 nexus) exploits WinRAR CVE-2025-8088 in espionage campaigns targeting government entities in Southeast Asia. - IOCs: 92. 223. 120. 10, 93. 123. 17. 151, dns. annasoft. gcdn. co - #APT41 #CVE20258088 #ThreatIntel

0
0
0
16h ago

Undercode Testing @undercode.bsky.social

The Silent Startup Sabotage: How CVE-2025-8088 Turns WinRAR into a Hacker’s Backdoor + Video Introduction: A critical vulnerability in the ubiquitous WinRAR archiving software, designated CVE-2025-8088, is under active exploitation by sophisticated threat actors. This high-severity flaw allows…

0
0
0
10h ago

CVE-2025-11953

Overview

@react-native-community/cli-server-api

03 Nov 2025

Published

04 Dec 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.40%

MITRE

KEV

Description

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.

Statistics

4 Posts
1 Interaction

Last activity: 11 hours ago

Fediverse

Sam Stepanyan :verified: 🐘 @securestep9

#ReactNative: Critical vulnerability in Metro server for #React Native CVE-2025-11953 allows unauthenticated attackers to execute arbitrary OS commands via a POST request is actively exploited - patch now!
#Metro4Shell
#SoftwareSupplyChainSecurity
👇

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-react-native-metro-bug-to-breach-dev-systems/
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-react-native-metro-bug-to-breach-dev-systems/

0
1
1
22h ago

Bluesky

Mert SARICA @hack4career.com

CVE-2025-11953 (Metro4Shell) in React Native Metro Server Enables RCE socradar.io/blog/cve-202...

0
0
0
19h ago

CyberVeille @cyberveille-ch.bsky.social

📢 Exploitation active de CVE-2025-11953 (« Metro4Shell ») sur Metro (React Native) observée par VulnCheck 📝 Selon VulnCheck, des expl… https://cyberveille.ch/posts/2026-02-04-exploitation-active-de-cve-2025-11953-metro4shell-sur-metro-react-native-observee-par-vulncheck/ #CVE_2025_11953 #Cyberveille

0
0
0
11h ago

CVE-2025-40551

Overview

SolarWinds
Web Help Desk

28 Jan 2026

Published

04 Feb 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

22.94%

MITRE

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Statistics

4 Posts

Last activity: 6 hours ago

Fediverse

TechNadu @technadu

CISA has added CVE-2025-40551, a critical SolarWinds Web Help Desk deserialization vulnerability, to the KEV catalog after confirming active exploitation.

The flaw enables unauthenticated remote code execution and has already been patched, though exploitation details remain undisclosed. Additional KEV inclusions span Sangoma FreePBX and GitLab, reflecting continued abuse of both enterprise and open-source platforms.

This reinforces the importance of KEV-driven prioritization and continuous monitoring beyond initial disclosure.

Source: https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html

Community insight welcome.
Follow TechNadu for ongoing vulnerability and threat intelligence updates.

#Infosec #KEV #CISA #VulnerabilityResearch #SolarWinds #ThreatLandscape #CyberDefense

0
0
0
20h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

Threat actors are actively exploiting an unauthenticated deserialization RCE in SolarWinds Web Help Desk (CVE-2025-40551); immediate patching is required.

0
0
0
23h ago

Information Security Briefly @infosecbriefly.bsky.social

A critical remote-code-execution vulnerability CVE-2025-40551 in SolarWinds Web Help Desk is actively exploited; federal agencies must install the patch within three days.

0
0
0
22h ago

OpsMatters @opsmatters.com

The latest update for #BitSight includes "Automating #Cybersecurity Governance: How Bitsight Is Expanding AI-Powered Workflows Across SPM and VRM" and "Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk". #RiskManagement https://opsmtrs.com/43KoF0t

0
0
0
6h ago

CVE-2025-55182

Overview

Meta
react-server-dom-webpack

03 Dec 2025

Published

11 Dec 2025

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

57.94%

MITRE

KEV

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

3 Posts

Last activity: 10 hours ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

A critical React.js vulnerability (CVE-2025-55182) enables unauthenticated RCE and has triggered mass exploitation and cryptominer deployments.

0
0
0
23h ago

Undercode Testing @undercode.bsky.social

From Zero to Hero: How I Uncovered a Critical RCE Vulnerability (CVE-2025-55182) and What It Means for Cybersecurity + Video Introduction: In the ever-evolving landscape of cybersecurity, remote code execution (RCE) vulnerabilities remain among the most severe threats, allowing attackers to take…

0
0
0
13h ago

キタきつね @kitafox.bsky.social

包囲攻撃を受けたReact：2つのIPアドレスが重大なCVE-2025-55182攻撃の56%を誘発 React Under Siege: Two IPs Drive 56% of Critical CVE-2025-55182 Attacks #DailyCyberSecurity (Feb 4) securityonline.info/react-under-...

0
0
0
10h ago

CVE-2026-1281

Overview

Ivanti
Endpoint Manager Mobile

29 Jan 2026

Published

30 Jan 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

16.41%

MITRE

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

3 Posts
12 Interactions

Last activity: 1 hour ago

Fediverse

⠠⠵ avuko @avuko

Only quickly popping on here from an otherwise very nice Fediverse vacation, because NCSC-NL has just put out an “assume-breach” warning. That’s… kinda big.

https://www.ncsc.nl/waarschuwing/ncsc-roept-organisaties-op-zich-te-melden-bij-gebruik-van-ivanti-endpoint-manager (Dutch)

#Ivanti #CVE20261281 #EPMM #MobileIron #NCSC_NL #Cybersecurity #infosec #IOC #NCSC

7
5
0
16h ago

Bluesky

CyberVeille @cyberveille-ch.bsky.social

📢 Ivanti EPMM : deux RCE pré-auth (CVE-2026-1281/1340) activement exploitées — analyse watchTowr 📝 Source: watchTowr Labs publie une anal… https://cyberveille.ch/posts/2026-02-05-ivanti-epmm-deux-rce-pre-auth-cve-2026-1281-1340-activement-exploitees-analyse-watchtowr/ #Apache_RewriteMap #Cyberveille

0
0
0
1h ago

CyberVeille @cyberveille-ch.bsky.social

📢 NCSC NL alerte: exploitation active de la zero‑day Ivanti EPMM (CVE‑2026‑1281), assume‑breach requis 📝 Selon le NCSC (Pays-Bas), un… https://cyberveille.ch/posts/2026-02-05-ncsc-nl-alerte-exploitation-active-de-la-zero-day-ivanti-epmm-cve-2026-1281-assume-breach-requis/ #CVE_2026_1281 #Cyberveille

0
0
0
1h ago

CVE-2026-24513

Overview

Kubernetes
ingress-nginx

03 Feb 2026

Published

04 Feb 2026

Updated

CVSS v3.1

LOW (3.1)

EPSS

0.03%

MITRE

KEV

Description

A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the `auth-url` annotation may be accessed even when authentication fails. Note that the built-in custom-errors backend works correctly. To trigger this issue requires an administrator to specifically configure ingress-nginx with a broken external component.

Statistics

5 Posts
2 Interactions

Last activity: 11 hours ago

Bluesky

K8sContributors @kubernetes.dev

CVE-2026-24513: ingress-nginx auth-url protection bypass -

0
2
2
19h ago

Checkmarx Zero @checkmarxzero.bsky.social

⚪ CVE-2026-24513 is a bypass of the protection afforded by the "auth-url" ingress when a misconfiguration is in place.

0
0
0
11h ago

Checkmarx Zero @checkmarxzero.bsky.social

⏳ With EOL in March, Ingress #NGINX has 4 newly disclosed vulnerabilities: #CVE-2026-1580, CVE-2026-24512, CVE-2026-24513, and CVE-2026-24514. We recommend that you migrate to F5's NGINX Ingress: buff.ly/vqTJvPK If you can’t migrate yet, update to v1.14.3. More details on each CVE below.

0
0
0
11h ago

CVE-2025-22225

Overview

VMware ESXi

04 Mar 2025

Published

21 Oct 2025

Updated

CVSS v3.1

HIGH (8.2)

EPSS

6.15%

MITRE

KEV

Description

VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

Statistics

4 Posts
1 Interaction

Last activity: 2 hours ago

Fediverse

Günter Born @gborn

BSI-Warnung: 2.500 deutsche VMware ESXi-Server im Internet erreichbar; Angriffe über CVE-2025-22225

https://borncity.com/blog/2026/02/04/cert-bund-warnt-2-500-vmware-esxi-server-im-internet-erreichbar/

0
1
1
3h ago

Bluesky

ohhara @shiojiri.com

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks https://securityaffairs.com/187637/security/cve-2025-22225-in-vmware-esxi-now-used-in-active-ransomware-attacks.html

0
0
0
3h ago

ohhara @shiojiri.com

米CISA、VMware ESXiの脆弱性がランサムウェア攻撃に悪用されていると警告（CVE-2025-22225） | Codebook｜Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43780/

0
0
0
2h ago