Two sandbox-escape vulnerabilities in the n8n workflow automation platform (CVE-2026-1470 and CVE-2026-0863) can enable authenticated attackers to achieve full remote code execution, access sensitive data, and compromise the underlying host. Discovered by JFrog, the flaws, including the critical 9.9-rated JavaScript AST escape tracked as CVE-2026-1470, have been patched in specific n8n releases and fixed on n8n Cloud, but many self-hosted instances remain unpatched.
Key points
- Two vulnerabilities (CVE-2026-1470 and CVE-2026-0863) allow full RCE and host compromise in n8n.
- JFrog researchers identified the flaws, and CVE-2026-1470 received a critical 9.9 severity due to main-node arbitrary code execution.
- CVE-2026-1470 is a JavaScript AST sandbox escape via the with statement; CVE-2026-0863 is a Python AST escape using format-string introspection.
- Exploitation of CVE-2026-1470 requires authentication to create or modify workflows, but non-admin users can still pivot to infrastructure control; n8n Cloud is already fixed.
- Patches were released in specific n8n versions; a PoC for CVE-2026-0863 is expected, and tens of thousands of self-hosted instances remain exposed.