Critical n8n Vulnerabilities Enabling RCE and Sandbox Escapes
Government cyber agencies in Belgium and Canada warned that n8n released security updates to address multiple critical vulnerabilities that could allow attackers to compromise workflow automation instances, particularly those exposed to the internet. The advisories emphasize that n8n often orchestrates actions across interconnected systems, increasing blast radius if compromised, and urge administrators to patch immediately to protect confidentiality, integrity, and availability.
The Belgian CCB advisory highlights three critical CVEs, CVE-2026-27495, CVE-2026-27577 and CVE-2026-27497 (each scored CVSS 9.4), affecting n8n versions prior to 2.10.1 / 2.9.3 / 1.123.22, with weaknesses mapped to CWE-94 (code injection) and CWE-89 (SQL injection). It describes a sandbox escape leading to arbitrary code execution in the JavaScript Task Runner (notably affecting the default internal Task Runner mode) and abuse of crafted workflow expressions by authenticated users with workflow modification permissions. Canada's Cyber Centre advisory (AV26-176) additionally enumerates the impacted components and attack classes: RCE via the Merge Node, expression sandbox escape to RCE, JavaScript Task Runner sandbox escape, unauthenticated expression evaluation via the Form Node, and stored XSS across multiple nodes. Both advisories direct organizations to apply n8n's upstream fixes.
Timeline
Apr 22, 2026
Canada issues advisory on April n8n security updates
On 2026-04-22, the Canadian Centre for Cyber Security published advisory AV26-379 covering newly released n8n security advisories for multiple vulnerabilities, including some rated critical. The advisory said affected areas included MCP Client Registration, dynamic-node-parameters, XML Node Prototype Pollution, XML Webhook, SQL Mode of Merge Node, MCP OAuth client, and Python Task Runner, and urged users to review and apply updates.
Mar 25, 2026
Canada issues advisory on new n8n security updates
On 2026-03-25, the Canadian Centre for Cyber Security published advisory AV26-278 covering newly released n8n security updates for multiple components and editions, including the Merge Node, Community Edition, Binary Data Inline HTML Rendering, GSuiteAdmin Node, and Form Trigger/Chat Trigger Nodes. The advisory urged users and administrators to review n8n's security information and apply the necessary updates.
Mar 11, 2026
Pillar Security discloses four critical n8n flaws
On 2026-03-11, Pillar Security publicly detailed four critical n8n vulnerabilities, including CVE-2026-27577 and CVE-2026-27493, which can be exploited individually or chained for remote code execution. The disclosure also warned that attackers could extract the N8N_ENCRYPTION_KEY and decrypt stored credentials such as API keys, OAuth tokens, and database passwords.
Feb 27, 2026
Belgium warns users to patch critical n8n vulnerabilities immediately
On February 27, 2026, Belgium's Centre for Cybersecurity published an advisory warning about multiple critical vulnerabilities in n8n and urging immediate patching. This reflects broader government dissemination of the February n8n security issues.
Feb 25, 2026
n8n releases security updates for multiple critical flaws
On February 25, 2026, n8n released security updates addressing multiple critical vulnerabilities across several components and nodes, including RCE via the Merge Node, sandbox escapes, unauthenticated expression evaluation via the Form Node, and stored XSS issues. Users and administrators were advised to review the advisories and update affected versions.
Feb 4, 2026
Pillar Security discloses critical n8n sandbox-escape flaws
On 2026-02-04, Pillar Security publicly disclosed two critical sandbox-escape vulnerabilities in n8n, including CVE-2026-25049, that allowed authenticated workflow editors to achieve remote code execution and compromise self-hosted and cloud deployments. The report said n8n acknowledged the issues, rotated secrets, and later delivered a comprehensive fix in version 2.4.0 after an initial December 2025 fix was bypassed.
Jan 12, 2026
Canada issues alert on high-severity n8n vulnerabilities
On January 12, 2026, the Canadian Centre for Cyber Security published Alert AL26-001 warning about CVE-2026-21858, CVE-2026-21877, and CVE-2025-68613 affecting the n8n workflow automation platform. The alert described risks including arbitrary code execution and arbitrary file writes, and urged organizations to upgrade or restrict exposed webhook and form endpoints.
Jan 12, 2026
Public PoCs emerge for critical n8n vulnerabilities
Public proof-of-concept exploits became available for multiple n8n flaws, including a chain using CVE-2026-21858 and CVE-2025-68613 to achieve unauthenticated remote code execution, extracting sensitive data from the instance and executing commands on the server.
Additional sources include The Hacker News, Belgian CCB security advisories, the Canadian Centre for Cyber Security, github.com and Pillar Security.
Related Stories

Multiple n8n Vulnerabilities Enable RCE, Sandbox Escapes, and Stored XSS
Security researchers and CVE disclosures reported multiple vulnerabilities in the *n8n* workflow automation platform that can enable **remote code execution (RCE)**, **sandbox escapes**, and **stored XSS** under various conditions. Akamai highlighted exploitation interest from **Zerobot** targeting n8n via **CVE-2025-68613**, a critical expression-evaluation sandboxing failure affecting versions from `0.211.0` up to the fixed releases `1.120.4`, `1.121.1` and `1.122.0`, where a logged-in (non-admin) user could break out of the expression context to execute arbitrary code, read and write server files, steal environment variables (e.g., API keys), and establish persistence; a public PoC was noted as available.

Subsequent advisories describe additional n8n flaws patched after the earlier expression-sandbox issue; unless noted, each requires an authenticated user who can create or modify workflows. **CVE-2026-27577** covers further expression-evaluation abuse leading to host command execution. **CVE-2026-27495** describes a **JavaScript Task Runner** sandbox escape that can lead to full host compromise when internal runners are used (`N8N_RUNNERS_ENABLED=true`); external runner mode (`N8N_RUNNERS_MODE=external`) runs that code outside the main n8n process and reduces the blast radius. **CVE-2026-27497** describes potential RCE and arbitrary file write via the **Merge node** in SQL query mode. **CVE-2026-27578** describes **stored XSS** across multiple nodes (e.g., Webhook, Form and Chat-related nodes) enabling session hijacking or account takeover when victims view affected pages. **CVE-2026-27493** adds a second-order, potentially **unauthenticated** expression injection path via **Form nodes**: crafted input beginning with `=` is treated as an expression under specific workflow configurations, and it escalates to RCE only when chained with a separate sandbox escape.
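The second-order Form-node path above, modelled as an added example (this is not n8n's code or Pillar's proof of concept). It stands in for the n8n convention that a parameter string beginning with `=` is an expression whose `{{ ... }}` segments are evaluated, and places the injection-prone binding next to the binding that keeps submitted text as data. The `$json` context shape, the toy resolver and the helper names are this example's assumptions.

```javascript
// Added example, not n8n's code: a tiny stand-in for the n8n convention that a
// parameter string beginning with "=" is an expression whose {{ ... }} segments
// are evaluated. It shows the second-order injection path (untrusted form input
// ending up as a parameter string) next to the binding that keeps that input as
// data. Context shape ($json) and helper names are this example's assumptions.

const EXPRESSION_PREFIX = '=';
const TEMPLATE_RE = /\{\{([\s\S]*?)\}\}/g;

// Toy resolver: literal strings pass through; "="-prefixed strings have each
// {{ expr }} evaluated against the workflow context. Real n8n does far more.
function resolveParameter(value, ctx) {
  if (typeof value !== 'string' || !value.startsWith(EXPRESSION_PREFIX)) {
    return value;
  }
  return value.slice(1).replace(TEMPLATE_RE, (_m, expr) => {
    const fn = new Function('$json', `return (${expr});`);
    return String(fn(ctx.$json));
  });
}

// Input-side check: would this untrusted string be treated as an expression if
// it were copied verbatim into a node parameter?
function looksLikeExpression(input) {
  return typeof input === 'string' && input.startsWith(EXPRESSION_PREFIX);
}

// Validate a form submission: return the field names that must not be passed
// through as parameter strings. Callers should reject or quarantine these.
function flagExpressionFields(submission) {
  return Object.entries(submission)
    .filter(([, v]) => looksLikeExpression(v))
    .map(([k]) => k);
}

// Constructed sample: a submission whose "name" field is crafted, and a
// workflow context that also holds a value the submitter must never see.
const SUBMISSION = { name: '={{ $json.secret }}', email: 'alice@example.test' };
const CONTEXT = { $json: { ...SUBMISSION, secret: 'hunter2' } };

// Vulnerable pattern: the submitted string itself becomes the parameter value,
// so its "=" prefix turns attacker data into an expression.
function unsafeBinding() {
  return resolveParameter(SUBMISSION.name, CONTEXT);
}

// Correct pattern: a developer-authored expression references the field via
// $json; the field's content comes back as data and is not re-evaluated.
function safeBinding() {
  return resolveParameter('={{ $json.name }}', CONTEXT);
}

console.log('flagged fields:', flagExpressionFields(SUBMISSION)); // [ 'name' ]
console.log('unsafe binding:', unsafeBinding());                   // hunter2
console.log('safe binding  :', safeBinding());                     // ={{ $json.secret }}
```

The toy resolver reaches `hunter2` only through the unsafe binding; in the safe binding the crafted string is returned verbatim because the resolver never re-scans its own output. The input check is a defence-in-depth measure for fields that are known to be copied into parameters, not a replacement for the upstream fix.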
Fixes are reported in n8n `2.10.1` (and, depending on branch, `2.9.3` / `1.123.22`), with interim mitigations including restricting workflow edit permissions and disabling specific nodes via `NODES_EXCLUDE` (e.g., `n8n-nodes-base.webhook`, `n8n-nodes-base.merge`, `n8n-nodes-base.form`, `n8n-nodes-base.formTrigger`).
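A configuration audit for the interim mitigations just listed, as an added example (not n8n's own tooling). `N8N_RUNNERS_ENABLED`, `N8N_RUNNERS_MODE` and `NODES_EXCLUDE` (a JSON array of node type names) are the documented variable names; the choice of which nodes must appear in the exclusion list is taken from the story text and is this example's policy, and the two sample `.env` files are constructed.

```javascript
// Added example, not n8n's tooling: audits a dotenv-style n8n configuration
// against the interim mitigations. Variable names are the documented ones; the
// required exclusion list is this example's policy, taken from the story text.

const INTERIM_EXCLUDES = [
  'n8n-nodes-base.webhook',
  'n8n-nodes-base.merge',
  'n8n-nodes-base.form',
  'n8n-nodes-base.formTrigger',
];

// Minimal dotenv parser: KEY=VALUE per line, # comments, optional quotes.
function parseDotenv(text) {
  const env = {};
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue;
    let value = line.slice(eq + 1).trim();
    const q = value[0];
    if ((q === '"' || q === "'") && value.length >= 2 && value.endsWith(q)) {
      value = value.slice(1, -1);
    }
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Returns findings; an empty list means the config matches the mitigations.
// Only an explicit N8N_RUNNERS_ENABLED=true is flagged: check the default for
// your own n8n version rather than assuming unset means disabled.
function auditN8nEnv(text) {
  const env = parseDotenv(text);
  const findings = [];

  // Internal runners execute workflow code inside the main n8n process, so a
  // Task Runner sandbox escape is a full-host compromise; external mode moves
  // that code into a separate process and shrinks the blast radius.
  if (env.N8N_RUNNERS_ENABLED === 'true' && env.N8N_RUNNERS_MODE !== 'external') {
    findings.push('N8N_RUNNERS_MODE: runners enabled in internal mode; set N8N_RUNNERS_MODE=external');
  }

  let excluded = [];
  if (env.NODES_EXCLUDE !== undefined) {
    try {
      excluded = JSON.parse(env.NODES_EXCLUDE);
      if (!Array.isArray(excluded)) throw new TypeError('not an array');
    } catch (e) {
      findings.push(`NODES_EXCLUDE: not a JSON array (${e.message})`);
      excluded = [];
    }
  }
  for (const node of INTERIM_EXCLUDES) {
    if (!excluded.includes(node)) {
      findings.push(`NODES_EXCLUDE: ${node} not excluded (interim mitigation until patched)`);
    }
  }
  return findings;
}

// Constructed sample configs: a weak one and the corrected one.
const WEAK_ENV = `
# typical self-hosted .env before hardening
N8N_RUNNERS_ENABLED=true
`;

const HARDENED_ENV = `
N8N_RUNNERS_ENABLED=true
N8N_RUNNERS_MODE=external
NODES_EXCLUDE='["n8n-nodes-base.webhook","n8n-nodes-base.merge","n8n-nodes-base.form","n8n-nodes-base.formTrigger"]'
`;

console.log(auditN8nEnv(WEAK_ENV));     // five findings
console.log(auditN8nEnv(HARDENED_ENV)); // []
```

Excluding the Webhook and Form nodes disables those triggers for every workflow on the instance, so this is a stop-gap for exposed instances that cannot patch immediately, not a permanent posture; upgrading to the fixed releases is the actual remediation.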
1 month ago
Critical n8n Expression Sandbox Escape Leading to Authenticated RCE (CVE-2026-25049)
A **critical remote code execution** issue in the *n8n* open-source workflow automation platform, tracked as **CVE-2026-25049** (also published as **GHSA-6cqr-8cfr-67f8**), allows an **authenticated** user with permission to create or modify workflows to escape n8n’s expression sandbox and execute arbitrary system commands on the underlying host. The flaw stems from **insufficient input sanitization/weak sandboxing** in n8n’s expression evaluation (server-side JavaScript) and was identified during follow-up analysis after an earlier critical n8n vulnerability (**CVE-2025-68613**) was patched; researchers report the new issue effectively **bypasses prior mitigations**. Reporting indicates exploitation can lead to **full compromise** of the n8n instance, including access to the filesystem and the ability to **steal stored credentials and secrets** (e.g., API keys, OAuth tokens) and sensitive configuration, with potential for **pivoting** into connected internal services and cloud accounts in multi-tenant deployments. Public reporting also notes **public exploits** are available. n8n maintainers state the issue is patched, and affected organizations should upgrade to fixed releases (**1.123.17** and **2.5.2**), as versions **prior to 1.123.17 and 2.5.2** are impacted.
1 month ago
Authenticated Sandbox-Escape RCE Vulnerabilities in n8n Workflow Automation
JFrog researchers disclosed two vulnerabilities in the *n8n* workflow automation platform that allow an **authenticated** attacker to escape built-in sandboxes and achieve **remote code execution (RCE)** on the main n8n node, potentially leading to full instance compromise and access to sensitive connected systems (e.g., APIs, credentials, and internal tooling). The issues are tracked as **CVE-2026-1470** (CVSS **9.9**) and **CVE-2026-0863** (CVSS **8.5**); exploitation is possible even in configurations where n8n runs in “internal” execution mode, which n8n documentation already warns is risky for production due to weaker isolation between the application and task runner processes. Technical details indicate both flaws are sandbox escapes driven by language/runtime edge cases: **CVE-2026-1470** abuses JavaScript expression sandboxing (including `with`-statement handling) to resolve a constructor path to `Function` and execute arbitrary JavaScript, while **CVE-2026-0863** escapes the Python task executor sandbox via Python introspection and runtime behavior (notably Python 3.10+ `AttributeError.obj`) to regain access to restricted builtins/imports and execute OS commands. Recommended remediation is to upgrade n8n to fixed versions (for **CVE-2026-1470**: `1.123.17`, `2.4.5`, or `2.5.1`; for **CVE-2026-0863**: `1.123.14`, `2.3.5`, or `2.4.2`).
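The constructor-chain mechanism named above, illustrated by an added example that is a toy model and neither n8n's sandbox nor JFrog's proof of concept. It builds a `with`-scoped evaluator with an allowlisting `Proxy` scope of the kind that looks safe, and shows that property access on any reachable value bypasses it; the only thing the "escape" does is prove it reached the real `globalThis`. The function names are this example's own.

```javascript
// Added example, not n8n's sandbox and not JFrog's PoC: a toy `with`-scoped
// evaluator showing why an identifier allowlist is not a security boundary in
// JavaScript. The "escape" only proves it reached the real global object.

// new Function never inherits strict mode, so `with` is legal here; bare
// identifiers inside `code` resolve against `scope` before anything else.
function withScopedEval(code, scope) {
  const runner = new Function('scope', `with (scope) { return (${code}); }`);
  return runner(scope);
}

// An allowlisting scope: `has` answers true for every name so no identifier
// falls through to Node's globals, and obviously dangerous names are refused.
function restrictedScope(vars) {
  const blocked = new Set([
    'constructor', '__proto__', 'Function', 'eval', 'process', 'globalThis', 'require',
  ]);
  return new Proxy(vars, {
    has: () => true,
    get: (target, key) => {
      if (key === Symbol.unscopables) return undefined; // let `with` consult us for every name
      if (blocked.has(String(key))) return undefined;
      return target[key];
    },
  });
}

// Bare `process` is hidden, so the allowlist appears to work.
function globalsHidden() {
  return withScopedEval('typeof process', restrictedScope({})) === 'undefined';
}

// ...but property access on a value never consults the scope proxy. A string
// literal's constructor is String, String's constructor is Function, and a
// function built by Function runs in the real global scope, outside `with`.
function constructorChainEscape() {
  const code = '"".constructor.constructor("return globalThis")()';
  return withScopedEval(code, restrictedScope({})) === globalThis;
}

console.log('globals hidden by allowlist:', globalsHidden());          // true
console.log('constructor chain reaches globalThis:', constructorChainEscape()); // true
```

The blocklist never sees `constructor` because the lookup happens on the string's prototype chain, not on the scope object; the same holds for `[]`, `({})` or any value the allowlist legitimately exposes. This is the reason in-process evaluation is treated as untrusted-code execution and why the page steers operators toward external runner mode rather than tighter in-process filtering.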
1 month ago