n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

CVE Database V5

Detailed information about CVE-2026-27577: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n affecting n8n-io n8n. Get real-time u

CVE-2026-27577: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27577: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate all known vulnerabilities. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or disable the Merge node by adding `n8n-nodes-base.merge` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Detailed information about CVE-2026-27497: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n affecting n8n-io n8n. Get real-time u

CVE-2026-27497: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27497: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

CVE-2026-27495 is a critical code injection vulnerability in the n8n workflow automation platform affecting versions prior to 2. 10. 1, 2. 9. 3, and 1. 123. 22. An authenticated user with workflow creation or modification permissions can exploit a flaw in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox. On default internal Task Runner mode, this leads to full host compromise, while external Task Runner mode limits impact to the runner environment. No user interaction or elevated privileges beyond workflow permissions are required, making exploitation straightforward for authorized users.

CVE-2026-27495 is a critical vulnerability classified under CWE-94 (Improper Control of Generation of Code) affecting the n8n open source workflow automation platform. The flaw exists in the JavaScript Task Runner sandbox implementation used by n8n to execute user-defined code within workflows. Prior to patched versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permissions to create or modify workflows can craft malicious JavaScript code that escapes the sandbox boundary, enabling arbitrary code execution on the host system. In the default configuration where internal Task Runners are used (enabled by default), this vulnerability allows full compromise of the n8n host, including potential access to underlying operating system resources and data. When external Task Runners are configured (enabled via N8N_RUNNERS_ENABLED=true and N8N_RUNNERS_MODE=external), exploitation may still allow access to or interference with other tasks running on the external runner, but the host system is better isolated. The vulnerability requires no additional user interaction beyond authentication and workflow permissions, making it highly exploitable by insiders or compromised accounts. The issue was publicly disclosed on February 25, 2026, with a CVSS 4.0 score of 9.4, indicating critical severity due to network attack vector, low complexity, no privileges required beyond workflow editing, and high impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported yet. The recommended remediation is to upgrade to the fixed versions. If immediate upgrade is not feasible, administrators should restrict workflow creation and editing permissions to fully trusted users and consider switching to external runner mode to reduce the attack surface. These mitigations reduce but do not eliminate risk. The vulnerability highlights the dangers of executing user-supplied code in automation platforms without robust sandboxing and access controls.

Detailed information about CVE-2026-27495: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n affecting n8n-io n8n. Get real-time u

CVE-2026-27495: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27495: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

CVE-2026-27494 is a high-severity vulnerability in the n8n workflow automation platform affecting versions prior to 2. 10. 1, 2. 9. 3, and 1. 123. 22. It allows an authenticated user with workflow creation or modification permissions to escape the Python Code node sandbox due to insufficient restrictions on built-in Python objects. Exploitation can lead to exfiltration of sensitive files or remote code execution (RCE). On instances using the default internal Task Runner, this can result in full host compromise, while external Task Runner setups risk cross-task interference or access.

The vulnerability identified as CVE-2026-27494 affects the n8n open source workflow automation platform, specifically its Python Code node component. Prior to patched versions 2.10.1, 2.9.3, and 1.123.22, the sandbox environment designed to isolate Python code execution was insufficiently restrictive. Authenticated users with permissions to create or modify workflows could exploit this flaw to escape the sandbox by accessing certain built-in Python objects that should have been blocked. This escape enables attackers to read arbitrary files on the host system or execute arbitrary code remotely. The impact varies depending on the Task Runner configuration: with the default internal Task Runner, attackers can fully compromise the host machine running n8n; with external Task Runners enabled via the environment variable N8N_RUNNERS_ENABLED=true, attackers may interfere with or access other tasks running on the Task Runner. The vulnerability requires only authenticated access with workflow editing rights, no additional user interaction or elevated privileges are necessary. The CVSS 4.0 base score is 7.1 (high), reflecting network attack vector, low attack complexity, no privileges required beyond workflow editing, and high confidentiality impact. The issue has been addressed by restricting access to sensitive Python objects in the sandbox in the fixed versions. Until upgrading, administrators are advised to limit workflow creation/modification permissions to fully trusted users and/or disable the Python Code node via the NODES_EXCLUDE environment variable, though these are partial mitigations.

Detailed information about CVE-2026-27494: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere in n8n-io n8n affecting n8n-io n8

CVE-2026-27494: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere in n8n-io n8n - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27494: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere in n8n-io n8n

CVE-2026-27493 is a critical code injection vulnerability in the open-source workflow automation platform n8n, affecting versions prior to 2. 10. 1, 2. 9. 3, and 1. 123. 22. The flaw arises from a second-order expression injection in n8n's Form nodes, allowing unauthenticated attackers to inject and evaluate arbitrary expressions by submitting crafted form data starting with an '=' character. Exploitation requires a specific workflow configuration where a form node interpolates user-supplied input as an expression, which is uncommon and likely noticeable. While the expression injection alone is limited to the n8n expression context, chaining it with a separate sandbox escape vulnerability can lead to remote code execution on the host.

CVE-2026-27493 is a critical vulnerability in n8n, an open-source workflow automation platform widely used for integrating and automating tasks. The issue is a second-order expression injection vulnerability located in the Form nodes of n8n versions prior to 2.10.1, 2.9.3, and 1.123.22. The vulnerability stems from the way n8n processes form input fields that begin with an '=' character, which causes n8n to treat the input as an expression and evaluate it twice. An unauthenticated attacker can submit crafted form data with this prefix to inject arbitrary n8n expressions. However, exploitation requires a specific workflow setup: a form node must interpolate a user-controlled value as an expression, which is not typical and would likely be noticed by workflow designers. The expression injection itself is constrained to the n8n expression context and does not directly allow arbitrary code execution. Nevertheless, if combined with a separate sandbox escape vulnerability, it can escalate to remote code execution on the host system running n8n. This chaining significantly raises the risk, enabling attackers to execute arbitrary commands remotely without authentication. The vulnerability is tracked under CWE-94 (Improper Control of Generation of Code) and CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code). The issue was publicly disclosed on February 25, 2026, with a CVSS 4.0 score of 9.5, reflecting its critical severity and ease of exploitation without user interaction or privileges. No known exploits have been reported in the wild yet. The recommended remediation is to upgrade n8n to versions 2.10.1, 2.9.3, or 1.123.22 or later. If immediate upgrading is not feasible, administrators should manually review workflows for vulnerable form nodes, disable the Form node by adding 'n8n-nodes-base.form' to the NODES_EXCLUDE environment variable, and/or disable the Form Trigger node similarly. These mitigations reduce risk but do not fully eliminate it. Organizations should prioritize patching to prevent potential exploitation, especially in public-facing or internet-accessible n8n instances.

Detailed information about CVE-2026-27493: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n affecting n8n-io n8n. Get real-time u

CVE-2026-27493: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-27493: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

Detailed information about CVE-2024-27692. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-27692

CVE-2024-27692

Technical Details

Community Reviews

Related Threats

CVE-2026-27577: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

CVE-2026-27497: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

CVE-2026-27495: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

CVE-2026-27494: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere in n8n-io n8n

CVE-2026-27493: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility