Full Report
Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a critical vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog Security Research team, are listed below: CVE-2026-1470 (CVSS score: 9.9), an eval injection vulnerability that could allow an authenticated user to bypass the Expression
Analysis Summary
# Vulnerability: n8n Eval Injection Leading to Authenticated Remote Code Execution (CVE-2026-1470)
## CVE Details
- CVE ID: CVE-2026-1470
- CVSS Score: 9.9 (Critical)
- CWE: Improper Neutralization of Special Elements used in an Eval Expression ('Eval Injection')
## Affected Systems
- Products: n8n workflow automation platform
- Versions: Specific vulnerable versions are not explicitly listed in the provided context for CVE-2026-1470; the patch information implies all versions prior to the fixed releases.
- Configurations: Affects instances that use the Expression feature sandbox. Exploitation is possible even when the instance operates in "internal" task execution mode.
## Vulnerability Description
This is an **eval injection vulnerability** in the n8n Expression mechanism. An authenticated user can escape the Expression sandbox by submitting specially crafted JavaScript code. Successful exploitation results in full Remote Code Execution (RCE) on the n8n main node, which lets the attacker take over the entire n8n instance and reach the organizational data and tools connected to it. The impact is most severe when the instance runs in the insecure "internal" execution mode in production.
## Exploitation
- Status: PoC presumed available (inferred from the researchers' demonstration of the sandbox escape; not confirmed by the provided context)
- Complexity: Likely Low to Medium (requires a valid authenticated account)
- Attack Vector: Adjacent (requires network access to the n8n instance and authentication to it)
## Impact
- Confidentiality: High (Access to all data and system secrets connected to the n8n instance)
- Integrity: High (Ability to modify workflows, configuration, and underlying system state)
- Availability: High (Potential to disrupt the automation platform)
## Remediation
### Patches
Users must update to one of the following fixed versions:
* **1.123.17**
* **2.4.5**
* **2.5.1**
* (And likely all subsequent versions.)
### Workarounds
* **Switch to External Task Execution Mode:** n8n documentation strongly urges users to switch from the "internal" execution mode to external mode, so that task runner processes are isolated from the main n8n process. This does not patch the vulnerability, but it may limit the blast radius of a successful RCE compared with internal mode.
## Detection
- **Indicators of Compromise (IOCs):** Monitor for highly unusual or complex JavaScript being submitted through workflow expression evaluation points, and for unexpected process creation or file modifications originating from the n8n execution environment.
- **Detection Methods and Tools:** Review application and server logs for suspicious input in expression fields. Use runtime security monitoring capable of detecting sandbox escapes in dynamic language interpreters (JavaScript/Node.js).
## References
- Vendor Advisories: Not explicitly detailed in the provided context; implicitly covered by the patch releases.
- Relevant links (defanged):
* JFrog Security Research disclosure: hxxps://research.jfrog.org/post/achieving-remote-code-execution-on-n8n-via-sandbox-escape/
* NVD entry: hxxps://nvd.nist.gov/vuln/detail/CVE-2026-1470
* CWE: hxxps://cwe.mitre.org/data/definitions/95.html
* n8n Task Runner Documentation: hxxps://docs.n8n.io/hosting/configuration/task-runners/