Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
#Vulnerabilities

Security Reporter

Critical sandbox bypasses in n8n workflow automation platform enable authenticated attackers to execute arbitrary code, potentially compromising entire organizations.

Cybersecurity researchers have disclosed two critical security flaws in the n8n workflow automation platform that could allow authenticated users to bypass sandbox protections and execute arbitrary code on affected systems.

Critical Vulnerabilities Discovered

The JFrog Security Research team identified two eval injection vulnerabilities with severe implications for n8n deployments:

  • CVE-2026-1470 (CVSS score: 9.9) - This critical flaw allows authenticated users to bypass n8n's Expression sandbox mechanism, enabling full remote code execution on the main node through specially crafted JavaScript code
  • CVE-2026-0863 (CVSS score: 8.5) - This high-severity vulnerability permits authenticated users to circumvent python-task-executor sandbox restrictions and run arbitrary Python code on the underlying operating system

Why These Flaws Matter

Successful exploitation of these vulnerabilities could allow attackers to completely hijack an n8n instance, even when operating in "internal" execution mode. According to n8n's documentation, using internal mode in production environments poses significant security risks due to insufficient isolation between the n8n process and task runner processes.

"As n8n spans an entire organization to automate AI workflows, it holds the keys to core tools, functions, and data from infrastructure, including LLM APIs, sales data, and internal IAM systems, among others," JFrog researchers explained. "This results in escapes giving a hacker an effective 'skeleton key' to the entire corporation."

Technical Analysis

The vulnerabilities highlight the inherent challenges in sandboxing dynamic, high-level languages like JavaScript and Python. Despite multiple validation layers, deny lists, and AST-based controls, subtle language features and runtime behaviors can be leveraged to bypass security assumptions.

"In this case, deprecated or rarely used constructs, combined with interpreter changes and exception handling behavior, were enough to break out of otherwise restrictive sandboxes and achieve remote code execution," said researcher Nathan Nehorai.

Mitigation Steps

Users should update to the following versions immediately:

  • CVE-2026-1470: Update to version 1.123.17, 2.4.5, or 2.5.1
  • CVE-2026-0863: Update to version 1.123.14, 2.3.5, or 2.4.2

Additionally, organizations are strongly advised to switch from internal to external execution mode to ensure proper isolation between n8n and task runner processes.
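To turn the version guidance above into something an operator can run against an inventory, here is an added example (not code from the article, JFrog or the n8n project) that compares an installed n8n version against the fixed release lines listed for each CVE. It assumes that a release is patched when it is at or above the fix on its own major.minor line, or when it sits on a release line newer than the newest listed fix; that carry-forward rule is an assumption, not something the advisory states.

```python
# Fixed release lines stated in the article, keyed by CVE identifier.
FIXED_VERSIONS = {
    "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],
    "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse an n8n version string 'major.minor.patch' (a leading 'v' is tolerated)."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_patched(version: str, fixed: list[str]) -> bool:
    """Assumption (not from the advisory): patched when the version is at or
    above the fix on its own major.minor line, or when it is on a release line
    newer than the newest listed fix (fixes are assumed to carry forward).
    Older lines with no listed fix (e.g. 2.2.x) are treated as unpatched."""
    v = parse_version(version)
    fixes = sorted(parse_version(f) for f in fixed)
    for fx in fixes:
        if v[:2] == fx[:2]:          # same major.minor line as a listed fix
            return v >= fx
    return v > fixes[-1]             # newer than every listed fix line


def assess(version: str) -> dict[str, bool]:
    """Map each CVE from the article to True (still vulnerable) / False (patched)."""
    return {cve: not is_patched(version, fixed) for cve, fixed in FIXED_VERSIONS.items()}


if __name__ == "__main__":
    # Constructed sample inventory: a version can be fixed for one CVE but not the other.
    for installed in ["1.123.14", "2.2.0", "2.4.3", "2.5.1"]:
        print(installed, assess(installed))
```

A result of `{"CVE-2026-1470": True, "CVE-2026-0863": False}` for 2.4.3 shows why both fix lines must be checked separately: that build carries the Python task-runner fix but not the Expression sandbox fix.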

Context and Recent History

These vulnerabilities come on the heels of another critical flaw (CVE-2026-21858, dubbed "Ni8mare") discovered by Cyera Research Labs, which allowed unauthenticated remote attackers to gain complete control over susceptible n8n instances. The rapid succession of these vulnerabilities underscores the ongoing security challenges facing workflow automation platforms.

The n8n platform, which enables organizations to automate complex workflows across various services and APIs, has become increasingly critical infrastructure for many businesses. Its broad access to organizational data and systems makes it an attractive target for attackers seeking lateral movement opportunities within corporate networks.

Expert Recommendations

Security professionals recommend implementing defense-in-depth strategies when deploying workflow automation platforms:

  1. Network segmentation - Isolate workflow automation servers from critical infrastructure
  2. Principle of least privilege - Limit the permissions and access of workflow automation accounts
  3. Regular security audits - Conduct periodic reviews of workflow configurations and permissions
  4. Monitoring and logging - Implement comprehensive logging to detect anomalous workflow behavior
  5. External execution mode - Use external execution mode rather than internal mode in production environments

These vulnerabilities serve as a reminder that even platforms designed to improve operational efficiency can become significant security risks if not properly configured and maintained. Organizations should treat workflow automation platforms as critical infrastructure requiring the same security attention as other core systems.

The disclosure of these flaws demonstrates the importance of responsible vulnerability research and the need for continuous security assessment of widely adopted automation tools that have become integral to modern business operations.