CVE-2026-27495: CWE-94: Improper Control of Generation of Code ('Code Injection') in n8n-io n8n
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other tasks executed on the Task Runner. Task Runners must be enabled using `N8N_RUNNERS_ENABLED=true`. The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later to remediate the vulnerability. If upgrading is not immediately possible, administrators should consider the following temporary mitigations. Limit workflow creation and editing permissions to fully trusted users only, and/or use external runner mode (`N8N_RUNNERS_MODE=external`) to limit the blast radius. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.
AI Analysis
Technical Summary
CVE-2026-27495 is a critical vulnerability classified under CWE-94 (Improper Control of Generation of Code) affecting the n8n open source workflow automation platform. The flaw exists in the JavaScript Task Runner sandbox, which is designed to safely execute user-defined JavaScript code within workflows. Prior to the fixed versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows can craft JavaScript code that escapes the sandbox boundary, enabling arbitrary code execution on the host system. When n8n is configured with the default internal Task Runner mode, this allows an attacker to gain full control over the underlying host, potentially leading to complete system compromise. In environments using external Task Runners (enabled via N8N_RUNNERS_ENABLED=true and N8N_RUNNERS_MODE=external), the attacker's impact is limited to the Task Runner environment, but they may still access or disrupt other tasks running there.

Exploitation requires only workflow modification privileges; no additional authentication or user interaction is needed, which makes the flaw highly exploitable. The vulnerability has been assigned a CVSS 4.0 score of 9.4, reflecting its critical severity: network attack vector, low complexity, no privileges required beyond workflow permissions, and high impact on confidentiality, integrity, and availability. Although no exploits in the wild have been reported yet, the potential for severe damage necessitates immediate remediation.

The vendor recommends upgrading to the patched versions. If an immediate upgrade is not feasible, temporary mitigations include restricting workflow creation and editing permissions to fully trusted users and switching to external Task Runner mode to reduce the attack surface. These mitigations do not fully eliminate the risk and should only be considered stopgap measures until patching is completed.
Potential Impact
The vulnerability allows an authenticated user with workflow creation or modification rights to execute arbitrary code outside the intended sandbox, leading to full host compromise on default internal Task Runner configurations. This can result in complete loss of confidentiality, integrity, and availability of the n8n host system, enabling attackers to deploy malware, exfiltrate sensitive data, disrupt automation workflows, or pivot to other network resources. In external Task Runner mode, the impact is confined to the runner environment but can still disrupt multiple workflows and potentially affect other tasks. Given n8n’s role in automating business-critical processes, exploitation could cause significant operational disruption, data breaches, and loss of trust. Organizations relying on n8n for automation in sectors such as finance, healthcare, manufacturing, and technology are at heightened risk. The ease of exploitation combined with the high privileges gained makes this vulnerability a critical threat to any organization using affected versions of n8n.
Mitigation Recommendations
1. Upgrade n8n instances immediately to versions 2.10.1, 2.9.3, or 1.123.22 or later, which contain the patch for this vulnerability.
2. Restrict workflow creation and editing permissions strictly to fully trusted and vetted users to reduce the risk of malicious workflow injection.
3. Configure n8n to use external Task Runner mode (set N8N_RUNNERS_ENABLED=true and N8N_RUNNERS_MODE=external) to isolate task execution environments and limit the blast radius of potential exploits.
4. Monitor workflow changes and audit logs for suspicious activity indicative of exploitation attempts.
5. Employ network segmentation and host-based controls to limit access to n8n hosts and Task Runner environments.
6. Consider implementing runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect anomalous code execution.
7. Educate administrators and developers on the risks of granting workflow modification permissions and enforce the principle of least privilege.
8. Plan for rapid incident response and recovery procedures in case of compromise.
These steps go beyond generic advice by focusing on permission management, runner configuration, and monitoring tailored to n8n's architecture.
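As an added triage helper (not part of the advisory or of n8n's own code), the check below encodes the advisory's conditions for one instance: affected before 2.10.1 / 2.9.3 / 1.123.22, reachable only with N8N_RUNNERS_ENABLED=true, and internal versus external N8N_RUNNERS_MODE deciding whether the host or only the runner is exposed. Two assumptions of this example are labelled in the code: how release lines the advisory does not name are handled (2.11.x counts as patched because it is above 2.10.1, while 2.8.x and 1.124.x count as unpatched), and that an unset N8N_RUNNERS_ENABLED is treated conservatively as enabled.

```python
# Exposure triage for CVE-2026-27495 from an instance's version and runner settings.
# Added example, not n8n code: it encodes the advisory's fixed versions and env vars.
FIXED_VERSIONS = ("2.10.1", "2.9.3", "1.123.22")  # from the advisory

def parse_version(text: str) -> tuple:
    """Parse 'MAJOR.MINOR.PATCH' (a leading 'v' and a '-rc.1' style suffix are tolerated)."""
    core = text.strip().lstrip("v").split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(version: str) -> bool:
    """True when the release carries the fix.
    Assumption: patched when at or above the fix named for its own major.minor line
    (2.9.x -> 2.9.3, 1.123.x -> 1.123.22, 2.10.x -> 2.10.1), or at or above 2.10.1
    when the advisory names no fix for that line; lines below 2.10 with no named
    fix (2.8.x, 1.124.x) are treated as unpatched.
    """
    v = parse_version(version)
    fixes = [parse_version(f) for f in FIXED_VERSIONS]
    same_line = [f for f in fixes if f[:2] == v[:2]]
    return v >= max(same_line) if same_line else v >= max(fixes)

def triage(version: str, env: dict) -> str:
    """Classify one instance: 'patched', 'runners-disabled',
    'vulnerable-internal-runner' or 'vulnerable-external-runner'."""
    if is_patched(version):
        return "patched"
    # Advisory: the sandbox is only reachable with N8N_RUNNERS_ENABLED=true. Only an
    # explicit "false" counts as disabled; unset is treated as enabled (assumption).
    if env.get("N8N_RUNNERS_ENABLED", "").strip().lower() == "false":
        return "runners-disabled"
    # Internal mode is the default and means host compromise on exploitation;
    # external mode confines the impact to the runner.
    mode = env.get("N8N_RUNNERS_MODE", "internal").strip().lower()
    if mode == "external":
        return "vulnerable-external-runner"
    return "vulnerable-internal-runner"

if __name__ == "__main__":
    # Constructed sample inventory (not real hosts) showing each outcome.
    inventory = [
        ("2.10.0", {"N8N_RUNNERS_ENABLED": "true"}),
        ("2.9.3", {"N8N_RUNNERS_ENABLED": "true"}),
        ("1.123.21", {"N8N_RUNNERS_ENABLED": "true", "N8N_RUNNERS_MODE": "external"}),
    ]
    for ver, settings in inventory:
        print(f"n8n {ver:<9} -> {triage(ver, settings)}")
```

Feed it the version and environment of each n8n deployment in your inventory; anything other than "patched" is an upgrade candidate, with "vulnerable-internal-runner" being the host-compromise case the advisory describes.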
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Netherlands, Japan, South Korea, India, Brazil, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-19T19:46:03.542Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 699f7718b7ef31ef0b6119ea
Added to database: 2/25/2026, 10:26:32 PM
Last enriched: 3/5/2026, 10:00:12 AM
Last updated: 4/12/2026, 7:58:03 AM