Cybersecurity researchers have disclosed particulars of two now-patched safety flaws within the n8n workflow automation platform, together with two essential bugs that would end in arbitrary command execution.
The vulnerabilities are listed under –
- CVE-2026-27577 (CVSS rating: 9.4) – Expression sandbox escape resulting in distant code execution (RCE)
- CVE-2026-27493 (CVSS rating: 9.5) – Unauthenticated expression analysis by way of n8n’s Type nodes
“CVE-2026-27577 is a sandbox escape within the expression compiler: a lacking case within the AST rewriter lets course of slip via untransformed, giving any authenticated expression full RCE,” Pillar Safety researcher Eilon Cohen, who found and reported the problems, stated in a report shared with The Hacker Information.
The cybersecurity firm described CVE-2026-27493 as a “double-evaluation bug” in n8n’s Type nodes that could possibly be abused for expression injection by profiting from the truth that the shape endpoints are public by design and require neither authentication nor an n8n account.
All it takes for profitable exploitation is to leverage a public “Contact Us” kind to execute arbitrary shell instructions by merely offering a payload as enter into the Title subject.
In an advisory launched late final month, n8n stated CVE-2026-27577 could possibly be weaponized by an authenticated consumer with permission to create or modify workflows to set off unintended system command execution on the host working n8n by way of crafted expressions in workflow parameters.
N8n additionally famous that CVE-2026-27493, when chained with an expression sandbox escape like CVE-2026-27577, might “escalate to distant code execution on the n8n host.” Each vulnerabilities have an effect on the self-hosted and cloud deployments of n8n –
- < 1.123.22, >= 2.0.0 < 2.9.3, and >= 2.10.0 < 2.10.1 – Mounted in variations 2.10.1, 2.9.3, and 1.123.22
If speedy patching of CVE-2026-27577 shouldn’t be an choice, customers are suggested to restrict workflow creation and enhancing permissions to completely trusted customers and deploy n8n in a hardened atmosphere with restricted working system privileges and community entry.
As for CVE-2026-27493, n8n recommends the next mitigations –
- Evaluate the utilization of kind nodes manually for the above-mentioned preconditions.
- Disable the Type node by including n8n-nodes-base.kind to the NODES_EXCLUDE atmosphere variable.
- Disable the Type Set off node by including n8n-nodes-base.formTrigger to the NODES_EXCLUDE atmosphere variable.
“These workarounds don’t absolutely remediate the danger and may solely be used as short-term mitigation measures,” the maintainers cautioned.
Pillar Safety stated an attacker might exploit these flaws to learn the N8N_ENCRYPTION_KEY atmosphere variable and use it to decrypt each credential saved in n8n’s database, together with AWS keys, database passwords, OAuth tokens, and API keys.
N8n variations 2.10.1, 2.9.3, and 1.123.22 additionally resolve two extra essential vulnerabilities that may be abused to realize arbitrary code execution –
- CVE-2026-27495 (CVSS rating: 9.4) – An authenticated consumer with permission to create or modify workflows might exploit a code injection vulnerability within the JavaScript Job Runner sandbox to execute arbitrary code exterior the sandbox boundary.
- CVE-2026-27497 (CVSS rating: 9.4) – An authenticated consumer with permission to create or modify workflows might leverage the Merge node’s SQL question mode to execute arbitrary code and write arbitrary recordsdata on the n8n server.
In addition to limiting workflow creation and enhancing permissions to trusted customers, n8n has outlined the workarounds under for every flaw –
- CVE-2026-27495 – Use exterior runner mode (N8N_RUNNERS_MODE=exterior) to restrict the blast radius.
- CVE-2026-27497 – Disable the Merge node by including n8n-nodes-base.merge to the NODES_EXCLUDE atmosphere variable.
Whereas n8n makes no point out of any of those vulnerabilities being exploited within the wild, customers are suggested to maintain their installations up-to-date for optimum safety.
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the most recent breakthroughs, get unique updates, and join with a worldwide community of future-focused thinkers.
Unlock tomorrow’s traits immediately: learn extra, subscribe to our publication, and turn into a part of the NextTech group at NextTech-news.com
