New n8n Vulnerability CVE-2026-25049 Bypasses Previous Patch to Enable Remote Code Execution
A critical flaw in n8n (CVSS 9.4) exploits TypeScript/JavaScript type mismatch to bypass sanitization from a December 2025 patch, enabling authenticated remote command execution via webhook workflows.