Category: Uncategorized

Jan 06, 2026Ravie LakshmananVulnerability / DevOps

A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host.

The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure.

It affects n8n versions from 1.0.0 up to, but not including, 2.0.0, and allows an authenticated user with permission to create or modify workflows to execute arbitrary operating system commands on the host running n8n. The issue has been addressed in version 2.0.0.

“A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide,” an advisory for the flaw states. “An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process.”

N8n said it had introduced task runner-based native Python implementation in version 1.111.0 as an optional feature for improved security isolation. The feature can be enabled by configuring the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables. With the release of version 2.0.0, the implementation has been made the default.

As workarounds, n8n is recommending that users follow the outlined steps below –

• Disable the Code Node by setting the environment variable NODES_EXCLUDE: “[\”n8n-nodes-base.code\”]”
• Disable Python support in the Code node by setting the environment variable N8N_PYTHON_ENABLED=false
• Configure n8n to use the task runner-based Python sandbox via the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables

The disclosure comes as n8n addressed another critical vulnerability (CVE-2025-68613, CVSS score: 9.9) that could result in arbitrary code execution under certain circumstances.

SEOUL, Jan. 6 (UPI) — North Korean leader Kim Jong Un inspected the construction site of a new memorial in Pyongyang dedicated to soldiers killed while fighting alongside Russian forces, state media reported Tuesday.

Kim toured the site of the Memorial Museum of Combat Feats at the Overseas Military Operations on Monday, where he took part in a tree-planting ceremony and praised the fallen combatants for their loyalty and sacrifice, according to the official Korean Central News Agency.

Kim said the troops’ deaths “would serve as the solid root and eternal cornerstone supporting the mightiness of the motherly DPRK,” KCNA reported.

The Democratic Republic of Korea is the official name of North Korea.

The North Korean leader reviewed images of the fallen soldiers with “humble reverence,” KCNA said, calling them “the eternal stars of the country.”

“Nobody in the world can match such an army as those who readily dedicated their lives to the dignity and fame of their motherland,” Kim said.

State media photographs released from the event showed Kim accompanied by his wife, Ri Sol Ju, and his daughter, Kim Ju Ae, who participated in the groundbreaking activities alongside her father.

Ju Ae has recently appeared with Kim at a series of high-profile events, including New Year celebrations and a symbolic visit to the Kumsusan Palace of the Sun family mausoleum, further fueling speculation among analysts that she is being publicly groomed as a potential successor.

Kim’s site visit comes amid North Korea’s deepening military involvement with Russia. The museum project marks Pyongyang’s latest public acknowledgment of a significant contingent of North Korean troops dispatched under a strategic defense pact with Moscow.

North Korea has deployed an estimated 15,000 troops to support Russian forces in the Kursk region, according to South Korea’s National Intelligence Service. The spy agency said in September that around 2,000 of the dispatched soldiers have been killed.

In August, Kim held a ceremony honoring troops sent to Russia, presenting medals and unveiling portraits of “martyrs” killed in combat. During the event, he announced plans for the museum as well as a special commemorative street in Pyongyang to honor their sacrifice.

Picture of health President Donald Trump has resumed dispensing medical advice to Americans despite a string of evident personal ailments, from hand bruises to swollen fingers. Fresh from insisting he has “PERFECT HEALTH,” the 79-year-old is repeating some MAHA talking points by slamming Tylenol use for pregnant women and celebrating his government’s reduction of childhood vaccinations against preventable diseases. On Monday, the Centers for Disease Control and Prevention announced that, effective immediately, they are now recommending children receive vaccinations for 11 diseases, down from the 18 vaccinations previously suggested.