Critical n8n Workflow Automation Vulnerability Allows Remote Code Execution (CVE-2026-1470)
A critical remote code execution vulnerability in n8n, the popular open-source workflow automation platform, allows authenticated users to bypass sandbox protections and execute arbitrary code on the main node with a CVSS severity score of 9.9, according to research published by JFrog Security.
The vulnerability, tracked as CVE-2026-1470, was discovered by security researcher Natan Nehorai of the JFrog Security Research Team. Successful exploitation could lead to full compromise of affected instances, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
Expression Sandbox Bypass
The vulnerability resides in n8n's workflow Expression evaluation system, a core feature that allows users to write custom logic within workflow configurations. The flaw stems from insufficient isolation between the Expression execution context and the underlying runtime environment.
Authenticated attackers can abuse this behavior to escape the Expression sandbox and execute arbitrary code with the privileges of the n8n process. The attack requires only basic authenticated access to the n8n instance and the ability to create or modify workflows.
Simple Exploitation Path
The proof-of-concept demonstrates straightforward exploitation. An attacker creates a new workflow, adds an "Edit Fields" block, and inserts a malicious JavaScript payload in the field name or value. When the workflow step is executed, the payload breaks out of the sandbox and runs operating system commands.
The payload abuses JavaScript's constructor functions and the with statement to access Node.js's process module, enabling execution of arbitrary system commands such as reading environment variables or spawning processes.
Affected Versions
The vulnerability affects n8n versions prior to 1.123.17, versions 2.0.0 through 2.4.4, and versions 2.5.0 through 2.5.0. Organizations running affected versions should upgrade immediately to patched releases: version 1.123.17 or later for the 1.x branch, version 2.4.5 or later for the 2.4.x branch, or version 2.5.1 or later for the 2.5.x branch.
No Mitigations Available
JFrog notes that no mitigations are available for this vulnerability short of applying the patch. Organizations unable to upgrade immediately should consider restricting access to their n8n instances and auditing which users have workflow creation or modification privileges.
Widely Used Platform
n8n is a fair-code workflow automation platform used by technical teams worldwide to connect applications, automate processes, and build integrations. The platform's flexibility and extensive integration capabilities have made it popular among developers and operations teams, meaning the vulnerability potentially affects a significant number of deployments.
Given the critical severity rating and the straightforward exploitation path, organizations running n8n should treat this as a priority remediation item.
