Researchers disclosed two eval-injection vulnerabilities in the n8n workflow automation platform: a critical remote code execution flaw (CVE-2026-1470) and a Python sandbox escape (CVE-2026-0863). JFrog warned that successful exploitation can let an attacker hijack an entire n8n instance, including when it runs in internal execution mode, and urged users to apply the released patches; the disclosure follows the recent Ni8mare flaw, which already showed the limits of n8n's sandboxing. #n8n #Ni8mare
Key points
- Both flaws are eval-injection bugs that let an authenticated n8n user run arbitrary code; they are not exploitable without an account.
- CVE-2026-1470 (CVSS 9.9): bypasses the JavaScript expression sandbox and yields full remote code execution.
- CVE-2026-0863 (CVSS 8.5): escapes the sandbox in the python-task-executor to run arbitrary Python on the host.
- Exploitation can result in full instance takeover when n8n runs in internal execution mode; external execution mode isolates task execution, but it is a mitigation, not a substitute for patching.
- Patches released: upgrade to 1.123.17, 2.4.5 or 2.5.1 (or later on that branch) for CVE-2026-1470, and to 1.123.14, 2.3.5 or 2.4.2 for CVE-2026-0863. On the 1.123.x and 2.4.x branches the CVE-2026-1470 fix release is the later one and covers both; the 2.3.x branch has no CVE-2026-1470 fix listed, so those installs need to move to 2.4.5 or 2.5.1.
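The fix list above is awkward to apply by eye because the two CVEs were patched on different release branches (a 2.3.5 install is fixed for CVE-2026-0863 but has no CVE-2026-1470 fix on its branch, and 2.4.0 is vulnerable to both even though it is newer than 2.3.5). The triage script below, added here as an example and not code from n8n or JFrog, takes the fixed versions from the key points and reports, per CVE, whether an installed version carries the fix. The branch rule it applies to versions with no listed fix on their own branch (newer than the newest fix of the same major is assumed fixed) is this example's assumption, as is the `N8N_RUNNERS_MODE` variable name used to read the execution mode; the sample inventory in `__main__` is constructed.

```python
import os
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases per CVE, copied from the advisory summary. Everything else
# here (branch logic, env var name, sample hosts) is this example's assumption.
FIXED_RELEASES: Dict[str, Tuple[str, ...]] = {
    "CVE-2026-1470": ("1.123.17", "2.4.5", "2.5.1"),   # expression sandbox bypass, RCE
    "CVE-2026-0863": ("1.123.14", "2.3.5", "2.4.2"),   # python-task-executor escape
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Turn 'v2.4.5' or '2.4.5-rc.1' into (2, 4, 5); reject anything else."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised n8n version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def fmt(v: Version) -> str:
    return ".".join(str(part) for part in v)


def is_fixed(installed: Version, fixed_releases: Tuple[str, ...]) -> Tuple[bool, str]:
    """Decide whether `installed` carries the fix, and say why.

    Rule 1: if the install's major.minor branch has a listed fix, that patch
            release is the bar (2.4.0 is vulnerable even though 2.3.5 is fixed).
    Rule 2 (assumption): with no fix on the branch, a version newer than the
            newest listed fix of the same major is assumed fixed; an older one
            (e.g. 2.3.x against CVE-2026-1470) has no fix and must move branch.
    """
    fixed = sorted(parse_version(v) for v in fixed_releases)
    same_branch = [f for f in fixed if f[:2] == installed[:2]]
    if same_branch:
        bar = max(same_branch)
        if installed >= bar:
            return True, f"branch fix {fmt(bar)} present"
        return False, f"upgrade to {fmt(bar)} on this branch"
    same_major = [f for f in fixed if f[0] == installed[0]]
    ceiling = max(same_major) if same_major else max(fixed)
    if installed > ceiling:
        return True, f"newer than {fmt(ceiling)}, assumed to contain the fix"
    return False, (f"no fix on the {installed[0]}.{installed[1]} branch, "
                   f"upgrade to {fmt(ceiling)} or later")


def assess(version_text: str) -> Dict[str, Tuple[bool, str]]:
    """Map each CVE to (patched?, reason) for the given n8n version string."""
    installed = parse_version(version_text)
    return {cve: is_fixed(installed, fixed) for cve, fixed in FIXED_RELEASES.items()}


def full_takeover_possible(report: Dict[str, Tuple[bool, str]],
                           runner_mode: Optional[str] = None) -> bool:
    """True when an unpatched CVE meets internal execution mode, the case the
    summary says allows takeover of the whole instance. `runner_mode` defaults
    to N8N_RUNNERS_MODE (assumed env var name, verify it for your release) and
    then to 'internal' when that is unset."""
    mode = (runner_mode or os.environ.get("N8N_RUNNERS_MODE") or "internal").lower()
    unpatched = [cve for cve, (patched, _) in report.items() if not patched]
    return mode == "internal" and bool(unpatched)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, version, mode in (("wf-prod", "2.3.5", "internal"),
                                ("wf-staging", "2.4.0", "external"),
                                ("wf-lab", "2.5.1", "internal")):
        report = assess(version)
        print(f"{host} n8n {version} ({mode} mode) takeover risk: "
              f"{full_takeover_possible(report, mode)}")
        for cve, (patched, why) in report.items():
            print(f"  {cve}: {'patched' if patched else 'VULNERABLE'} - {why}")
```

Feed it the version string from the n8n UI or the `n8n` image tag; the per-CVE reason tells you whether a patch release on your current branch is enough or whether the instance has to move branches. Treat the "assumed to contain the fix" verdicts as a prompt to confirm against the release notes rather than as a clean bill of health.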
Read More: https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html