The vulnerability identified as CVE-2026-27494 affects the n8n open source workflow automation platform in versions prior to 2.10.1, 2.9.3, and 1.123.22. The root cause lies in insufficient sandboxing of the Python Code node, which is designed to allow users to execute custom Python scripts within workflows. The sandbox failed to adequately restrict access to certain built-in Python objects, enabling an authenticated user with workflow creation or modification permissions to escape the sandbox environment. This escape allows attackers to read arbitrary files on the host system or execute arbitrary code remotely. The impact varies depending on the Task Runner configuration: with the default internal Task Runner, attackers can achieve full compromise of the host running n8n, while with external Task Runners enabled (via N8N_RUNNERS_ENABLED=true), attackers might access or interfere with other tasks running on the Task Runner. Exploitation requires authentication and specific permissions but no additional user interaction. The vulnerability is tracked under CWE-497, which relates to exposure of sensitive system information to unauthorized control spheres. The issue has been patched in the specified versions, and users are strongly advised to upgrade. Temporary mitigations include limiting workflow creation and editing permissions to trusted users and disabling the Code node by excluding it via environment variables, though these do not fully eliminate the risk.

This vulnerability poses a critical risk to organizations using n8n for workflow automation, especially those with multiple users or exposed environments. Successful exploitation can lead to unauthorized disclosure of sensitive files, remote code execution, and potentially full system compromise on hosts running the internal Task Runner. This could result in data breaches, disruption of automated processes, lateral movement within networks, and loss of system integrity and availability. For environments using external Task Runners, attackers may disrupt or manipulate other tasks, potentially affecting business-critical workflows. The requirement for authenticated access with workflow modification permissions limits the attack surface but does not eliminate risk in multi-user or poorly controlled environments. Organizations relying on n8n in production, particularly those automating sensitive or critical operations, face significant operational and security impacts if this vulnerability is exploited.

The primary mitigation is to upgrade n8n to versions 2.10.1, 2.9.3, or 1.123.22 or later, where the vulnerability is patched. Until upgrades can be performed, organizations should restrict workflow creation and modification permissions strictly to fully trusted administrators or users. Additionally, disabling the Python Code node by adding 'n8n-nodes-base.code' to the NODES_EXCLUDE environment variable can reduce risk but does not fully remediate the vulnerability. Monitoring and auditing workflow changes and user activities related to workflow creation can help detect potential exploitation attempts. For environments using external Task Runners, ensure strict isolation and access controls on the Task Runner hosts. Regularly review and harden authentication and authorization policies within n8n to minimize the number of users with elevated permissions. Finally, maintain network segmentation and host-level security controls to limit the impact of any potential compromise.