NEWS Nightmare on n8n Street: Process automation platform plagued by new vulnerabilities

pinkman

It looks like the protective barriers just stopped working.


A team of information security specialists discovered two critical vulnerabilities in the n8n workflow automation platform. Both flaws allow authorized users to execute arbitrary code on the target system, potentially leading to control of the entire platform.

The issues were identified by researchers at JFrog. The first, CVE-2026-1470 (CVSS score 9.9), is a code injection via the eval mechanism that bypasses the Expression Sandbox protection. A successful attack allows an attacker to execute JavaScript code on the n8n master node.

The second vulnerability, CVE-2026-0863, has a severity rating of 8.5. It affects the python-task-executor environment and allows its restrictions to be bypassed, giving the ability to execute arbitrary Python commands at the operating-system level. Both bugs require prior authorization, but even then they pose a high risk, especially in configurations that use the so-called "internal" task execution mode. The n8n developers warn that this mode does not provide adequate isolation between platform processes and executed tasks, and recommend using the "external" mode in production.

According to the report's authors, the n8n platform is often used to automate internal processes across the entire company—including working with language-model APIs, sales data, and internal access management systems. If compromised, an attacker could gain virtually unlimited privileges within the organization's infrastructure.

To mitigate the risks, users should update to secure versions. For CVE-2026-1470, these are 1.123.17, 2.4.5, or 2.5.1. For CVE-2026-0863, these are 1.123.14, 2.3.5, or 2.4.2.
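A patch-status check built from the fixed versions listed above, as an added example (not code from the article, JFrog or the n8n project): it maps an n8n version to its major.minor series and compares it with the fix for that series, so that e.g. 2.4.3 is reported as fixed for CVE-2026-0863 but still unpatched for CVE-2026-1470. The rule that releases newer than every listed fix line also contain the fix is an assumption of this example, not a statement from the article.

```python
# Added example: check an n8n version string against the fixed versions
# named in the article for CVE-2026-1470 and CVE-2026-0863.

# Fixed versions exactly as the article lists them, per CVE.
FIXED_VERSIONS = {
    "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],
    "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
}


def parse_version(v: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' (a leading 'v' is tolerated) into a comparable tuple."""
    parts = v.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected n8n version format: {v!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])


def assess(version: str, cve: str) -> str:
    """Return 'fixed', 'vulnerable' or 'no-fix-listed' for one CVE.

    'no-fix-listed' means the running major.minor series has no patched
    release in the advisory (e.g. 2.3.x for CVE-2026-1470), so the only
    remediation is moving to one of the listed series.
    """
    current = parse_version(version)
    fixed = sorted(parse_version(f) for f in FIXED_VERSIONS[cve])
    fix_for_series = {(maj, mi): (maj, mi, pa) for maj, mi, pa in fixed}
    series = current[:2]
    if series in fix_for_series:
        return "fixed" if current >= fix_for_series[series] else "vulnerable"
    # Assumption (not stated in the article): a release newer than the newest
    # listed fix line (e.g. 2.6.0) was cut after the fix and contains it.
    if current > fixed[-1]:
        return "fixed"
    return "no-fix-listed"


def assess_all(version: str) -> dict[str, str]:
    """Patch status of one n8n version for both CVEs in the article."""
    return {cve: assess(version, cve) for cve in FIXED_VERSIONS}


if __name__ == "__main__":
    # Constructed sample versions, chosen to show each outcome.
    for v in ("1.123.14", "2.4.3", "2.3.6", "2.5.1", "2.6.0"):
        print(v, assess_all(v))
```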

The vulnerabilities were disclosed just weeks after the publication of another critical issue in n8n, dubbed Ni8mare and identified as CVE-2026-21858. It allows an unauthorized attacker to completely take control of a vulnerable platform instance. According to the Shadowserver Foundation, more than 39,000 instances remained vulnerable as of January 27, 2026.

According to JFrog representatives, the incident highlights the difficulty of isolating interpreters for high-level languages like JavaScript and Python. Even with multiple layers of checks, lists of prohibited constructs, and syntax tree-based mechanisms, there remain workarounds that can be used to escape the protected environment. In this case, legacy language constructs, interpreter behavior, and exception handling behavior proved sufficient.