CRE-2025-0178: n8n Webhook Silent Failure Detection #148
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
|
@Lyndon-prequel can i get a review on this ? |
Contributor
|
@piyzard thanks for the submitting a Rule! could you please provide working prequel playground link? the current one just opens up the landing page and also if you don't mind add me the test repo link. The current one points to the actual prequel-dev/cre repo and showing 404. |
amanycodes
suggested changes
Oct 30, 2025
| - metadata: | ||
| kind: prequel | ||
| id: N8nWh3kP7qRzYvMr2aLfJ8 | ||
| hash: ZpQ9Lm4Zk8TnVb2Ry6HwGs |
Contributor
There was a problem hiding this comment.
hash is not a valid field
| event: | ||
| source: cre.log.n8n | ||
| match: | ||
| - regex: 'Workflow could not be started' |
Contributor
There was a problem hiding this comment.
this regex expression can be improved:
"(?i)(Workflow could not be started|Database connection unavailable|execution context lost|Connection refused|504 Gateway Timeout|heap out of memory|Webhook data permanently lost)"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes #128
/claim #128
🎯 Overview
This PR introduces a comprehensive detection rule for n8n Webhook Silent Failures - addressing critical silent data loss where incoming webhook requests fail to trigger workflows without proper error reporting or alerting. This represents the most dangerous type of n8n failure where business-critical automations silently fail to process incoming data, leads, or API events, potentially going undetected for days or weeks.
CRE Playground Links
CRE-2025-0178 Playground: Test Rule
📊 n8n Issues Covered
500 Internal Server Error: Workflow could not be started! Webhook execution failed500 Internal Server Error: Workflow could not be started! Database connection unavailableWorker failed to find data for execution ID exec_789abc - execution context lost504 Gateway Timeout: webhook request exceeded 30 second timeout limit500 Internal Server Error: Workflow could not be started! Memory allocation failedConnection refused: n8n service unavailable on port 5678JavaScript heap out of memory during webhook processingWebhook data permanently lost - no recovery possible🧪 Testing & Validation
cat rules/cre-2025-0178/test.log | preq -r rules/cre-2025-0178/n8n-webhook-silent-failure.yaml -d🎬 Demo Environment
Repo link: https://github.com/prequel-dev/cre/tree/main/examples/n8n-cre-demo
Screencast.from.2025-08-31.17-01-45.mp4
Features:
cd cre/examples/n8n-cre-demo ./start.shReferences