
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Severity: Critical | Tags: Vulnerability, remote
Published: Wed Jan 28 2026 (01/28/2026, 12:43:00 UTC)
Source: The Hacker News

Description

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog Security Research team, are listed below:

- CVE-2026-1470 (CVSS score: 9.9) - An eval injection vulnerability that could allow an authenticated user to bypass the Expression

AI-Powered Analysis

Last updated: 01/28/2026, 20:28:01 UTC

Technical Analysis

The n8n workflow automation platform is affected by two high-severity flaws discovered by JFrog Security Research. CVE-2026-1470 (CVSS 9.9) is an eval injection vulnerability that lets an authenticated user bypass the Expression sandbox by injecting specially crafted JavaScript, resulting in remote code execution on the main n8n node. CVE-2026-0863 (CVSS 8.5) is a second eval injection vulnerability that lets an authenticated user bypass sandbox restrictions in the python-task-executor and run arbitrary Python code on the underlying operating system.

Either flaw allows an attacker to fully compromise an n8n instance, including instances running in internal execution mode, a configuration n8n itself warns against using in production because of its security risks. Because n8n automates workflows across an organization's infrastructure, with access to critical data such as LLM APIs, sales data and internal IAM systems, successful exploitation effectively hands the attacker a 'skeleton key' to the corporate environment.

Both vulnerabilities stem from the inherent difficulty of securely sandboxing dynamic languages such as JavaScript and Python, where subtle language features and runtime behaviors can slip past multiple validation layers and AST-based controls; deprecated or rarely used language constructs, combined with interpreter changes and exception handling, were used to escape the sandbox restrictions. Patches are available in n8n versions 1.123.17, 2.4.5 and 2.5.1 for CVE-2026-1470, and in 1.123.14, 2.3.5 and 2.4.2 for CVE-2026-0863. The disclosures follow shortly after a maximum-severity unauthenticated RCE flaw (CVE-2026-21858) in n8n, underscoring ongoing security challenges in the platform. Organizations using n8n should prioritize patching and consider switching to external execution mode, which isolates task runners from the main n8n process.

Potential Impact

For European organizations, these vulnerabilities pose a critical threat because of n8n's role in automating workflows that integrate sensitive corporate data and infrastructure components. Exploitation can lead to full remote code execution, allowing attackers to hijack entire n8n instances and potentially gain access to internal IAM systems, proprietary data and connected APIs. This could result in data breaches, operational disruption and lateral movement within corporate networks. Given n8n's increasing adoption in Europe for AI workflow automation and business process integration, unpatched systems represent a significant attack surface. The risk is amplified in environments using internal execution mode, which lacks proper process isolation.

Because authentication is required to exploit these flaws, compromised accounts, malicious insiders, or attackers who have obtained valid credentials can leverage them to escalate privileges and take control of automation infrastructure. The potential for widespread impact is high, especially in sectors that rely heavily on automation such as finance, manufacturing and technology. The vulnerabilities also increase the risk of supply chain attacks where n8n workflows integrate third-party services or APIs. Overall, the impact spans confidentiality loss, integrity compromise and availability disruption of critical business processes.

Mitigation Recommendations

1. Immediately update n8n to the patched versions: 1.123.17, 2.4.5 or 2.5.1 for CVE-2026-1470, and 1.123.14, 2.3.5 or 2.4.2 for CVE-2026-0863.
2. Avoid internal execution mode in production environments; switch to external execution mode so that task runners run in processes isolated from n8n.
3. Enforce strict access controls and multi-factor authentication on n8n instances to reduce the risk of credential compromise.
4. Regularly audit and monitor n8n workflows and logs for suspicious activity indicative of exploitation attempts.
5. Limit the number of users with authenticated access to n8n, especially those with permission to create or modify workflows.
6. Implement network segmentation to isolate n8n servers from critical infrastructure and sensitive data stores.
7. Conduct security reviews of custom workflows and scripts to identify potentially unsafe code injection or eval usage.
8. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect anomalous behavior stemming from exploitation.
9. Stay informed on n8n security advisories and promptly apply future patches or mitigations.
10. Consider deploying n8n in containerized or sandboxed environments with strict resource and permission controls to limit the impact of potential exploits.
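As an added example (not code from the article or from n8n), the following Python script maps a running n8n version onto the patched versions named in step 1 and reports, per CVE, whether that version still needs the update. It assumes that any release newer than the latest listed fix also carries the fix, and treats a release line with no listed fix (for example 2.3.x for CVE-2026-1470) as still vulnerable.

```python
"""Check a running n8n version against the fixed versions published for
CVE-2026-1470 and CVE-2026-0863 (added example, not n8n's own tooling)."""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed versions as published in the advisory, one entry per release line.
FIXED_VERSIONS: Dict[str, List[Version]] = {
    "CVE-2026-1470": [(1, 123, 17), (2, 4, 5), (2, 5, 1)],
    "CVE-2026-0863": [(1, 123, 14), (2, 3, 5), (2, 4, 2)],
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse 'v2.4.3' or '2.4.3-rc.1' into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_fixed(running: Version, fixes: List[Version]) -> bool:
    """True if `running` carries the fix for one CVE.

    Assumption: a version is fixed when it is newer than the latest listed
    fix overall, or when it sits on one of the listed release lines
    (same major.minor) at or above that line's fix version. A release line
    with no listed fix that is older than the latest fix is reported as
    vulnerable so it gets looked at rather than silently passed."""
    if running >= max(fixes):
        return True
    return any(running[:2] == f[:2] and running[2] >= f[2] for f in fixes)


def assess(version_text: str) -> Dict[str, bool]:
    """Map each CVE to True (still vulnerable) or False (fixed)."""
    running = parse_version(version_text)
    return {cve: not is_fixed(running, fixes)
            for cve, fixes in FIXED_VERSIONS.items()}


if __name__ == "__main__":
    # Constructed sample versions spanning the affected release lines.
    for sample in ("1.123.15", "2.3.9", "2.4.3", "2.5.1"):
        print(sample, assess(sample))
```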


Technical Details

Article Source
https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html (fetched 2026-01-28T20:27:03Z, 956 words)

Threat ID: 697a711c4623b1157ced2a0a

Added to database: 1/28/2026, 8:27:08 PM

Last enriched: 1/28/2026, 8:28:01 PM

Last updated: 1/29/2026, 11:36:32 AM

