Two vulnerabilities within the n8n workflow automation platform might enable attackers to totally compromise affected situations, entry delicate knowledge, and execute arbitrary code on the underlying host.
Recognized as CVE-2026-1470 and CVE-2026-0863, the vulnerabilities have been found and reported by researchers at DevSecOps firm JFrog.
Regardless of requiring authentication, CVE-2026-1470 acquired a vital severity rating of 9.9 out of 10. JFrog defined that the vital ranking was resulting from arbitrary code execution occurring in n8n’s predominant node, which permits full management over the n8n occasion.
n8n is an open-source workflow automation platform that lets customers hyperlink functions, APIs, and providers into complicated processes utilizing a visible editor.
With greater than 200,000 weekly downloads on npm, the library is used for job automation and helps integrations with AI and enormous language mannequin (LLM) providers.
The 2 vulnerabilities found by JFrog will be summarized as follows:
- CVE-2026-1470 – An AST sandbox escape attributable to improper dealing with of the JavaScript with assertion permits a standalone constructor identifier to bypass sanitization and resolve to Operate, enabling arbitrary JavaScript execution and leading to full RCE on the primary n8n node.
- CVE-2026-0863 – A Python AST sandbox escape that mixes format-string–primarily based object introspection with Python 3.10+ AttributeError.obj conduct to regain entry to restricted builtins and imports, permitting execution of OS instructions and full RCE when Python runs as a subprocess on the primary n8n node.
“These vulnerabilities spotlight how tough it’s to soundly sandbox dynamic, excessive‑degree languages akin to JavaScript and Python,” JFrog explains.
“Even with a number of validation layers, deny lists, and AST‑primarily based controls in place, delicate language options and runtime behaviors will be leveraged to bypass safety assumptions,” the researchers say.
Exploiting CVE-2026-1470 requires authentication as a result of permissions to create or modify a workflow are needed to flee the sandbox and execute instructions on the host.
The flaw remains to be rated vital since non-admin customers, assumed to be safely contained in most deployments, can exploit it to pivot to infrastructure-level management.
CVE-2026-1470 was mounted in variations 1.123.17, 2.4.5, and a pair of.5.1, whereas CVE-2026-0863 was addressed in n8n variations 1.123.14, 2.3.5, 2.4.2. Customers are really helpful to improve to the newest variations as quickly as potential.
It needs to be famous that the n8n cloud platform has addressed the problems, and solely self-hosted variations working a weak launch are affected.
Researcher Rhoda Sensible, who defined CVE-2026-0863 in a technical weblog put up, promised so as to add a proof-of-concept exploit within the write-up, which might immediate attackers to hunt for and goal self-hosted n8n deployments.
The n8n platform gained extra consideration not too long ago, as safety researchers reported vital flaws. Earlier this month, the max-severity flaw “Ni8mare” was disclosed, which permits distant, unauthenticated attackers to take management of native n8n situations.
Per week later, scans confirmed that 60,000 situations remained in danger. As of January 27, this quantity has fallen to 39,900 uncovered situations, indicating a really gradual patching charge among the many platform’s customers.
Whether or not you are cleansing up previous keys or setting guardrails for AI-generated code, this information helps your crew construct securely from the beginning.
Get the cheat sheet and take the guesswork out of secrets and techniques administration.
