Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
These articles are AI-generated summaries. Please check the original sources for full details.
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
The JFrog Security Research team has discovered two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution, with one of the flaws having a CVSS score of 9.9. The vulnerabilities, tracked as CVE-2026-1470 and CVE-2026-0863, were found to allow authenticated users to bypass the Expression sandbox mechanism and achieve full remote code execution on n8n’s main node.
Why This Matters
The technical reality of sandboxing dynamic languages like JavaScript and Python is that even with multiple validation layers and controls in place, subtle language features and runtime behaviors can be leveraged to bypass security assumptions, as seen in the case of these two n8n vulnerabilities, which could permit an attacker to hijack an entire n8n instance, posing a significant security risk to organizations that use the platform to automate AI workflows.
Key Insights
- CVE-2026-1470 (CVSS score: 9.9): An eval injection vulnerability that could allow an authenticated user to bypass the Expression sandbox mechanism and achieve full remote code execution on n8n’s main node.
- Sandbox bypass techniques: The vulnerabilities highlight the difficulty of safely sandboxing dynamic languages, with even rarely used constructs and exception handling behavior being enough to break out of restrictive sandboxes.
- n8n usage: The platform is used by organizations to automate AI workflows, holding the keys to core tools, functions, and data, making it a high-value target for attackers.
Practical Applications
- Use Case: Organizations using n8n to automate AI workflows should update to the latest versions to prevent exploitation of the vulnerabilities.
- Pitfall: Failing to update n8n instances can result in an attacker gaining complete control over the instance, posing a significant security risk to the organization.
References:
Continue reading
Next article
Understanding the ROLLUP Operator in SQL for Hierarchical Aggregation
Related Content
cPanel and WHM Patch Critical Vulnerabilities to Prevent RCE and Privilege Escalation
cPanel and WHM released patches for three vulnerabilities, including two CVSS 8.8 flaws, to prevent arbitrary code execution and privilege escalation.
FreePBX Vulnerabilities Allow RCE via SQL Injection, File Upload, and Auth Bypass
FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass, potentially leading to remote code execution.
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution
A critical n8n vulnerability, CVE-2026-25049, allows authenticated workflow abuse to execute system commands with a CVSS score of 9.4.