
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a critical vulnerability that could result in remote code execution.

The weaknesses, discovered by the JFrog Security Research team, are listed below –

  • CVE-2026-1470 (CVSS score: 9.9) – An eval injection vulnerability that could allow an authenticated user to bypass the Expression sandbox mechanism and achieve full remote code execution on n8n's main node by passing specially crafted JavaScript code
  • CVE-2026-0863 (CVSS score: 8.5) – An eval injection vulnerability that could allow an authenticated user to bypass n8n's python-task-executor sandbox restrictions and run arbitrary Python code on the underlying operating system

Successful exploitation of the flaws could allow an attacker to hijack an entire n8n instance, including under conditions where it is running in "internal" execution mode. In its documentation, n8n notes that using internal mode in production environments can pose a security risk, urging users to switch to external mode to ensure proper isolation between n8n and task runner processes.


"As n8n spans an entire organization to automate AI workflows, it holds the keys to core tools, capabilities, and data from infrastructure, including LLM APIs, sales data, and internal IAM systems, among others," JFrog said in a statement shared with The Hacker News. "This results in escapes giving a hacker an effective 'skeleton key' to the entire company."


To address the flaws, users are advised to update to the following versions –

  • CVE-2026-1470 – 1.123.17, 2.4.5, or 2.5.1
  • CVE-2026-0863 – 1.123.14, 2.3.5, or 2.4.2
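The fix versions above are split across release branches, so a plain "is my version newer?" check is not enough. The following is an added example (not code from the article, JFrog, or the n8n project) that tells a defender whether an inventory of n8n versions is at or beyond the listed fixes; it assumes plain major.minor.patch version numbers and, conservatively, treats a release on a branch the advisory does not list (for example 2.3.x for CVE-2026-1470) as affected until it is upgraded to a listed release or a newer line.

```python
# Added example, not part of the original article or of n8n itself.
# Assumption: versions are major.minor.patch; an unlisted branch is treated
# as affected unless it is newer than every listed fix version.
import re

# Fix versions exactly as given in the advisory summary above.
FIX_VERSIONS = {
    "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],
    "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
}


def parse_version(text):
    """Turn '2.4.5' (or 'v2.4.5', 'n8n@2.4.5') into a (major, minor, patch) tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_patched(version, cve):
    """True when `version` sits on a listed branch at or beyond that branch's
    fix, or is newer than every listed fix (i.e. a later release line)."""
    v = parse_version(version)
    fixes = [parse_version(f) for f in FIX_VERSIONS[cve]]
    for fix in fixes:
        if v[:2] == fix[:2]:        # same release branch: compare patch level
            return v[2] >= fix[2]
    return v >= max(fixes)          # unlisted branch: only a newer line is safe


def audit(instances):
    """Map {name: version} to a list of (name, version, cve) still exposed."""
    findings = []
    for name, version in instances.items():
        for cve in FIX_VERSIONS:
            if not is_patched(version, cve):
                findings.append((name, version, cve))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; these are not real hosts.
    sample = {"ci-n8n": "2.4.3", "ops-n8n": "2.5.1", "legacy-n8n": "1.123.15"}
    for finding in audit(sample):
        print("exposed: %s (%s) -> %s" % finding)
```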

The development comes just weeks after Cyera Research Labs detailed a maximum-severity security flaw in n8n (CVE-2026-21858, aka Ni8mare) that allows an unauthenticated remote attacker to gain full control over susceptible instances.

"These vulnerabilities highlight how difficult it is to securely sandbox dynamic, high-level languages such as JavaScript and Python," researcher Nathan Nehorai said. "Even with multiple validation layers, deny lists, and AST-based controls in place, subtle language features and runtime behaviors can be leveraged to bypass security assumptions."

"In this case, deprecated or rarely used constructs, combined with interpreter modifications and exception handling behavior, were enough to break out of otherwise restrictive sandboxes and achieve remote code execution."
