Cybersecurity researchers have identified two critical security vulnerabilities within the n8n workflow automation platform, with one flaw posing a severe risk of remote code execution. These newly disclosed weaknesses could allow unauthorized access to sensitive data and system control for attackers targeting n8n instances.
The discoveries were made by the JFrog Security Research team and have been assigned high severity ratings. The findings underscore a persistent challenge in securing complex, high-level programming languages used in automation tools.
n8n Vulnerabilities Threaten Workflow Automation Security
Two significant security flaws have been disclosed in the popular n8n workflow automation platform, raising concerns about the security of automated processes across organizations. The vulnerabilities, detailed by JFrog Security Research, could enable attackers to gain unauthorized access and execute malicious code.
The most critical of these is CVE-2026-1470, which carries a CVSS score of 9.9. This eval injection vulnerability allows an authenticated user to bypass n8n’s expression sandbox. By submitting specially crafted JavaScript code, an attacker could achieve full remote code execution on the platform’s main node.
Additionally, CVE-2026-0863 (CVSS score: 8.5) is another eval injection vulnerability. This flaw permits an authenticated user to circumvent the sandbox restrictions of n8n’s python-task-executor. Successful exploitation would enable the execution of arbitrary Python code on the underlying operating system.
Implications of Exploited Vulnerabilities
Exploiting these vulnerabilities could grant an attacker control over an entire n8n instance. This risk is present even in scenarios where n8n operates in an “internal” execution mode. n8n’s own documentation acknowledges that using internal mode in production environments can introduce security risks and recommends switching to external mode for better process isolation.
“As n8n spans an entire organization to automate AI workflows, it holds the keys to core tools, functions, and data from infrastructure, including LLM APIs, sales data, and internal IAM systems, among others,” JFrog stated. “This results in escapes giving a hacker an effective ‘skeleton key’ to the entire corporation.”
These findings come shortly after Cyera Research Labs disclosed a separate critical flaw, CVE-2026-21858, also known as “Ni8mare,” which permits unauthenticated attackers to gain complete control over vulnerable n8n instances.
Mitigation and Updates
To protect against these threats, users of n8n are strongly advised to update their installations to specific patched versions. For CVE-2026-1470, users should update to versions 1.123.17, 2.4.5, or 2.5.1. For CVE-2026-0863, the recommended updates are to versions 1.123.14, 2.3.5, or 2.4.2.
These vulnerabilities highlight the inherent difficulties in securely sandboxing dynamic, high-level languages like JavaScript and Python. As noted by researcher Nathan Nehorai, even with multiple layers of validation and control mechanisms, subtle language features and runtime behaviors can be exploited to break out of security boundaries and achieve remote code execution.
The ongoing discovery of such flaws in widely adopted workflow automation platforms underscores the critical importance of continuous security patching and vigilant monitoring of automated systems. Organizations relying on n8n should prioritize applying the recommended updates to safeguard their infrastructure and sensitive data from potential cyber threats.