Critical n8n Flaws Enable Remote Code Execution and Credential Theft


Security researchers have uncovered several critical vulnerabilities in the popular workflow automation platform n8n that could allow attackers to execute malicious commands and access sensitive credentials. These flaws, if exploited, could give threat actors full control over the system running the platform.

The vulnerabilities have now been patched, but security experts are warning organizations and developers using the platform to update immediately. The flaws could potentially expose stored secrets such as API keys, cloud credentials, and authentication tokens.

Cybersecurity researchers revealed details about two major security issues that could allow attackers to execute arbitrary commands on affected systems.

The first vulnerability, CVE-2026-27577, carries a CVSS score of 9.4. It allows attackers to escape the platform’s expression sandbox, which is designed to restrict code execution. Because of a missing case in the platform’s Abstract Syntax Tree (AST) rewriter, certain system process references could bypass the sandbox’s security checks.

According to security researcher Eilon Cohen from Pillar Security, this bug allows an authenticated user to run system-level commands through specially crafted expressions inside workflows.

In simple terms, a user with permission to create or modify workflows could manipulate expressions in workflow parameters and execute malicious commands directly on the server hosting the automation platform.

The second vulnerability, CVE-2026-27493, is even more severe with a CVSS score of 9.5. Researchers described it as a “double-evaluation bug” affecting the platform’s Form nodes.

Form nodes are commonly used to collect information from users through publicly accessible forms such as “Contact Us” pages. These endpoints are intentionally open to the public and do not require authentication.

However, researchers discovered that attackers could exploit this feature by injecting malicious expressions into form inputs. For example, an attacker could submit a specially crafted payload in a simple field like the Name field of a contact form.

Once processed by the system, the payload could trigger arbitrary shell commands on the server.

Because the forms are public by design, this vulnerability could allow unauthenticated attackers to start the attack chain.

Security experts warn that the two vulnerabilities become far more dangerous when used together.

The form injection flaw can be used to trigger expression evaluation, while the sandbox escape vulnerability can break out of security restrictions. When combined, they could enable remote code execution (RCE) on the server running the automation platform.

This means attackers could gain control over the server, execute commands, and potentially move deeper into an organization’s infrastructure.

Both vulnerabilities affect self-hosted and cloud deployments of the automation tool.

The affected versions include:

  • Versions earlier than 1.123.22

  • Versions 2.0.0 to 2.9.2

  • Version 2.10.0

The issues have been fixed in the following releases:

  • 1.123.22

  • 2.9.3

  • 2.10.1

Users running older versions should upgrade immediately to avoid exploitation.
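A small version-triage helper, added here as an example and not part of the article or of n8n itself, encodes the affected and fixed releases listed above so an inventory of self-hosted instances can be checked against them. It assumes plain semantic version strings (an optional leading "v" and any pre-release suffix are tolerated; a suffix is ignored and the version is treated as its base release).

```python
import re

# Affected windows as half-open ranges [low, high); each "high" is the
# release that ships the fix, exactly as listed in the article.
AFFECTED_WINDOWS = [
    ((0, 0, 0), (1, 123, 22)),   # everything earlier than 1.123.22
    ((2, 0, 0), (2, 9, 3)),      # 2.0.0 through 2.9.2, fixed in 2.9.3
    ((2, 10, 0), (2, 10, 1)),    # 2.10.0, fixed in 2.10.1
]

# Accept "1.123.22", "v2.9.2" or "2.10.0-rc.1"; only the numeric triple is kept.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised n8n version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text: str) -> bool:
    """True when the version falls inside one of the affected windows."""
    version = parse_version(text)
    return any(low <= version < high for low, high in AFFECTED_WINDOWS)


def recommended_fix(text: str):
    """The fixed release for the version's line, or None if it is already patched."""
    version = parse_version(text)
    for low, high in AFFECTED_WINDOWS:
        if low <= version < high:
            return ".".join(str(part) for part in high)
    return None


def triage(versions) -> dict:
    """Map each reported version to (affected, fix) for a fleet inventory."""
    return {v: (is_affected(v), recommended_fix(v)) for v in versions}


if __name__ == "__main__":
    # Constructed inventory of instance versions, not real hosts.
    for version, (affected, fix) in triage(
        ["1.100.0", "1.123.22", "2.9.2", "2.10.0", "2.11.0"]
    ).items():
        print(f"{version:>10}: {'AFFECTED, upgrade to ' + fix if affected else 'patched'}")
```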

Researchers also highlighted another serious impact of these vulnerabilities: credential exposure.

An attacker who successfully exploits the flaws could read the N8N_ENCRYPTION_KEY environment variable. This key is used by the platform to encrypt stored credentials.

If attackers obtain this key, they could decrypt every credential stored in the platform’s database. This includes highly sensitive data such as:

  • AWS access keys

  • Database passwords

  • OAuth tokens

  • API keys

Such exposure could allow attackers to compromise external services, cloud infrastructure, and connected applications.


Along with the two main issues, the developers also patched two additional critical flaws that could lead to arbitrary code execution.

The first is CVE-2026-27495, which affects the platform’s JavaScript Task Runner sandbox. An authenticated user with workflow permissions could exploit this bug to inject malicious code and execute it outside the intended sandbox environment.

The second flaw, CVE-2026-27497, involves the platform’s Merge node when operating in SQL query mode. Attackers could abuse this feature to execute arbitrary commands or even write malicious files directly on the server.

Both vulnerabilities carry a severity score of 9.4, making them highly critical for organizations running the platform in production environments.

For organizations that cannot immediately update their installations, the developers recommend several temporary mitigation steps.

To reduce the risk of exploitation, administrators should:

  • Restrict workflow creation and editing permissions to trusted users only

  • Deploy the platform in a hardened environment with limited system privileges

  • Restrict network access to the server hosting the automation tool

Additional configuration changes can also reduce risk.

For example, administrators can disable vulnerable nodes using environment variables such as:

  • NODES_EXCLUDE=n8n-nodes-base.form

  • NODES_EXCLUDE=n8n-nodes-base.formTrigger

  • NODES_EXCLUDE=n8n-nodes-base.merge

For the JavaScript runner vulnerability, enabling external runner mode using N8N_RUNNERS_MODE=external can help reduce the potential impact.
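The three NODES_EXCLUDE values above belong in one assignment: n8n reads NODES_EXCLUDE as a single JSON array of node type names, and a later assignment of the same variable simply replaces an earlier one, so setting it three times leaves only the last node excluded. The following audit helper, added here as an example and not code from the article or from n8n, builds the combined setting and checks a deployment's environment for the mitigations the article lists; the .env excerpt and the dotenv parser are constructed for illustration.

```python
import json

# Node types the article's mitigation disables.
VULNERABLE_NODES = ("n8n-nodes-base.form", "n8n-nodes-base.formTrigger", "n8n-nodes-base.merge")

# Constructed .env excerpt that assigns NODES_EXCLUDE three times, one node per line.
# Each assignment replaces the previous one, so only the last node ends up excluded.
BAD_ENV_TEXT = """NODES_EXCLUDE=n8n-nodes-base.form
NODES_EXCLUDE=n8n-nodes-base.formTrigger
NODES_EXCLUDE=n8n-nodes-base.merge
N8N_RUNNERS_MODE=internal
"""


def parse_dotenv(text: str) -> dict:
    """Minimal KEY=VALUE parser; a repeated key keeps its last value, as a shell would."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env


def mitigation_env() -> dict:
    """One NODES_EXCLUDE assignment holding all three nodes as a JSON array,
    plus external runner mode for the JavaScript task runner."""
    return {"NODES_EXCLUDE": json.dumps(list(VULNERABLE_NODES)), "N8N_RUNNERS_MODE": "external"}


def audit_env(env: dict) -> list:
    """Return findings; an empty list means every mitigation from the article is present."""
    findings = []
    raw = env.get("NODES_EXCLUDE", "")
    try:
        excluded = json.loads(raw) if raw else []
        if not isinstance(excluded, list):
            raise ValueError("not a list")
    except ValueError:  # json.JSONDecodeError is a ValueError
        findings.append(f"NODES_EXCLUDE is not a JSON array: {raw!r}")
        excluded = []
    for node in VULNERABLE_NODES:
        if node not in excluded:
            findings.append(f"{node} is still loadable; add it to NODES_EXCLUDE")
    if env.get("N8N_RUNNERS_MODE") != "external":
        findings.append("N8N_RUNNERS_MODE is not 'external'")
    return findings


if __name__ == "__main__":
    for finding in audit_env(parse_dotenv(BAD_ENV_TEXT)):
        print("finding:", finding)
    print("hardened:", mitigation_env())
```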

However, developers warn that these steps are temporary mitigations and do not fully eliminate the risk.

So far, there is no public evidence that these vulnerabilities are being actively exploited in real-world attacks. However, critical flaws like these often become targets quickly once technical details are disclosed.

Security experts strongly recommend that organizations upgrade to the patched versions as soon as possible.

Keeping automation platforms secure is essential because they often connect multiple systems, APIs, and cloud services. A single vulnerability could expose an entire ecosystem of connected applications.

