Is n8n GDPR-compliant? Self-hosting makes the difference
n8n can run in a GDPR-compliant way, but it is not automatically compliant. What sets cloud and self-hosting apart, and where workflows leak data.
Active n8n CVEs and the CISA Warning 2026 affect every self-hosted instance. What is affected and how to patch now.

Whoever hosts n8n themselves patches themselves—or they don't. That is precisely what makes the n8n security vulnerabilities of 2026 such a real risk: The U.S. cybersecurity authority CISA has for the first time added an n8n vulnerability to its catalog of actively exploited security flaws, while at the same time several other critical CVEs with the highest severity rating became known.
For companies operating n8n on their own infrastructure to retain control of their data, this is no theoretical problem. This article shows which n8n security vulnerabilities of 2026 are specifically affected, why self-hosting shifts responsibility rather than resolving it, and what you should do now.
CISA has CVE-2025-68613 on March 11, 2026 to its Known-Exploited-Vulnerabilities Catalog after evidence of active exploitation was found, the first n8n vulnerability ever in this catalog. The flaw allows authenticated attackers to execute code with n8n process privileges via a manipulated workflow expression (CVSS 9.9).
Affected are n8n versions from 0.211.0 through the patched versions 1.120.4, 1.121.1, and 1.122.0, with the patch itself released in December 2025. U.S. federal agencies had to comply by March 25, 2026 per CISA order. According to Shadowserver Foundation data, more than 24,700 unpatched n8n instances were exposed on the internet in early February 2026, over 7,800 of them in Europe (source: The Hacker News).
Ni8mare (CVE-2026-21858) reaches the highest possible severity with CVSS 10.0 and allows unauthenticated attackers to read arbitrary files on the server via missing Content-Type checks in form-based workflows, which can lead to forged admin sessions and complete code execution (source: Rapid7). Affected are versions 1.65.0 through 1.120.x, with the flaw patched starting from 1.121.0.
Shortly before, N8scape (CVE-2025-68668, CVSS 9.9) became known: a sandbox escape in the Python Code Node that allows authenticated users with workflow permissions to execute system commands on the host. Both flaws show a pattern: wherever workflows can accept files or execute code, the respective security model becomes an attack surface. Even the original fix for CVE-2025-68613 was later bypassed with CVE-2026-25049 (CVSS 9.4) again, a sign that a single patch run is not sufficient here.
With a self-hosted n8n instance, you handle patch management entirely yourself, whereas n8n Cloud automatically deploys security updates. It is precisely this control that leads many mid-sized companies and municipalities to choose self-hosting when customer data or administrative processes flow through workflows.
This freedom comes at a price: an n8n server that nobody actively monitors becomes a risk in itself, regardless of how well individual workflows are designed. Many operations install n8n once and then treat it like a finished tool without ongoing attention to version status or security bulletins. That is precisely the difference between control and neglect.
For customers whose n8n instances we manage, a fixed patch window is part of ongoing operations, not an ad-hoc response after the next headline. After CVE-2025-68613 became known, we first checked version status on managed instances and updated affected systems promptly, in addition to reviewing unusual access to form-based workflows.
This also includes governance in small: who is allowed to create or modify workflows, which nodes can execute code or accept files, and where does external access require additional VPN or reverse proxy with its own authentication. In our AI Consulting this is not an extra chapter but an integral part of every automation that goes into production.
Five steps can be implemented in most setups within a day:
Checking off these points today closes the currently known critical vulnerabilities. The topic is not solved for good—the threat landscape changes too quickly—but the instance will no longer be vulnerable to the 2026 known attack vectors.
n8n Cloud is continuously updated by n8n itself; in practice, the mentioned CVEs primarily affect self-hosted instances that were not promptly updated to patched versions.
Find the version number in n8n settings or in the instance footer. Compare it with the patch levels from the official n8n Community Security Bulletins there n8n lists each vulnerability with affected and patched versions individually.
Restrict access temporarily to VPN or an IP whitelist, disable publicly accessible form-based workflows, and monitor access logs more closely than usual. This does not replace an update, but reduces the time window in which a known vulnerability remains exploitable.
Yes. We review version status, patch history, and access protection of existing n8n installations and, if desired, take over ongoing patch management so you maintain control of your automation without having to track every security bulletin yourself.
NordFlux builds digital employees for organisations: automations and AI agents that take over repetitive work. You stay in control.
n8n can run in a GDPR-compliant way, but it is not automatically compliant. What sets cloud and self-hosting apart, and where workflows leak data.
In a brief technical audit, we check your n8n version, your patch management, and external security measures so you maintain control of your data from a security perspective.