CVE-2026-1470 Overview
n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime.
An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.
Critical Impact
Authenticated attackers can achieve full system compromise through arbitrary code execution with n8n process privileges, potentially leading to data theft, workflow manipulation, and lateral movement within the infrastructure.
Affected Products
- n8n workflow automation platform (versions prior to the security patch)
Discovery Timeline
- 2026-01-27 - CVE-2026-1470 published to NVD
- 2026-01-27 - Last updated in NVD database
Technical Details for CVE-2026-1470
Vulnerability Analysis
This vulnerability is classified as CWE-95 (Improper Neutralization of Directives in Dynamically Evaluated Code, also known as "Eval Injection"). The flaw exists within n8n's Expression evaluation system, which processes user-supplied expressions during workflow configuration.
The core issue stems from insufficient isolation between the expression evaluation context and the underlying Node.js runtime environment. When authenticated users configure workflows, they can supply expressions that are dynamically evaluated. These expressions are not adequately sandboxed, allowing attackers to escape the intended evaluation context and execute arbitrary JavaScript code with the full privileges of the n8n server process.
This is particularly severe because n8n is commonly deployed to automate business-critical workflows and often has access to sensitive credentials, API keys, and internal network resources. A successful exploit could allow an attacker to access all connected services, exfiltrate data from integrated systems, and establish persistent access to the infrastructure.
Root Cause
The root cause is improper neutralization of directives in dynamically evaluated code (CWE-95). The expression evaluation engine failed to properly restrict access to dangerous JavaScript constructs and reserved variables that could be abused to break out of the sandbox and reach the underlying runtime. Specifically, the vulnerable code did not block access to certain reserved variables or the use of the "with" statement, both of which can be leveraged to escape the evaluation context.
Attack Vector
The attack is network-based and requires low-privilege authentication to the n8n instance. An attacker with valid credentials can craft malicious expressions within workflow configurations that exploit the insufficient isolation of the evaluation context. When these expressions are processed, the attacker's arbitrary code executes with the privileges of the n8n process, potentially gaining full control over the server and any connected systems or credentials.
The security patches introduce explicit validation to block dangerous constructs:
import { ExpressionError } from './expression.error';

// Raised when an expression references a variable name that is reserved
// because it would expose the underlying runtime to the expression.
export class ExpressionReservedVariableError extends ExpressionError {
  constructor(variableName: string) {
    super(`Cannot use "${variableName}" due to security concerns`);
  }
}
Source: GitHub Commit
import { ExpressionError } from './expression.error';

// Raised when an expression contains a `with` statement, which is rejected
// outright rather than evaluated.
export class ExpressionWithStatementError extends ExpressionError {
  constructor() {
    super('Cannot use "with" statements due to security concerns');
  }
}
Source: GitHub Commit
Detection Methods for CVE-2026-1470
Indicators of Compromise
- Unexpected or unauthorized workflow modifications containing complex or obfuscated expressions
- Anomalous process spawning from the n8n server process (e.g., shell commands, reverse shells)
- Unusual outbound network connections originating from the n8n instance
- Log entries showing expression evaluation errors or security-related exceptions
Detection Strategies
- Monitor n8n workflow audit logs for suspicious expression content, particularly expressions that reference JavaScript runtime objects or use dangerous constructs such as "with" statements
- Implement network-level monitoring for unexpected outbound connections from n8n servers
- Deploy endpoint detection and response (EDR) solutions to identify anomalous child process creation
- Review authentication logs for unauthorized or suspicious login attempts to n8n instances
Monitoring Recommendations
- Enable verbose logging for n8n expression evaluation to capture potential exploitation attempts
- Configure alerts for workflow modifications by low-privilege or recently created user accounts
- Implement file integrity monitoring on n8n configuration and workflow directories
- Monitor system resource utilization for signs of cryptomining or other post-exploitation activity
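The check that the patch's error classes imply (Root Cause and Patch Information above) and the workflow audit that the detection strategies above call for, as one added JavaScript example. This is illustrative code, not n8n's implementation and not the contents of the referenced commit. It assumes that a workflow export stores expressions as parameter strings beginning with "=" that wrap code in {{ }}, and the deny-list of Node.js runtime names it uses is this example's own assumption, not n8n's list. The sample workflow at the bottom is constructed for the example.

```javascript
// Added example, not n8n's own code: a pre-evaluation validator in the
// spirit of the patch's error classes, plus an audit pass over an
// exported workflow. The deny-list and the assumption that expressions
// are "=" strings wrapping code in {{ }} are this example's own.

class ExpressionError extends Error {}

class ExpressionReservedVariableError extends ExpressionError {
  constructor(variableName) {
    super(`Cannot use "${variableName}" due to security concerns`);
  }
}

class ExpressionWithStatementError extends ExpressionError {
  constructor() {
    super('Cannot use "with" statements due to security concerns');
  }
}

// Assumed deny-list of identifiers that expose the Node.js runtime;
// n8n's real list lives in the referenced commit, not here.
const RESERVED_VARIABLES = ['process', 'require', 'global', 'globalThis'];

// Blank out string literals so a reserved word inside quotes is not
// mistaken for a reference to the runtime object.
function stripStringLiterals(code) {
  return code.replace(/'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|`(?:\\.|[^`\\])*`/g, '""');
}

// Throws an ExpressionError if the expression uses a `with` statement or
// names a reserved variable; returns normally otherwise.
function validateExpression(code) {
  const body = stripStringLiterals(code);
  if (/\bwith\s*\(/.test(body)) {
    throw new ExpressionWithStatementError();
  }
  for (const name of RESERVED_VARIABLES) {
    // Whole-identifier match; `item.process` is still flagged on purpose
    // (fail closed rather than try to resolve property chains).
    const re = new RegExp(`(?<![\\w$])${name}(?![\\w$])`);
    if (re.test(body)) throw new ExpressionReservedVariableError(name);
  }
}

// Walk a node's parameters and collect every {{ ... }} body found in
// "=" prefixed strings, together with the parameter path it came from.
function collectExpressions(value, path, out) {
  if (typeof value === 'string') {
    if (!value.startsWith('=')) return;
    const re = /\{\{([\s\S]*?)\}\}/g;
    let m;
    while ((m = re.exec(value)) !== null) out.push({ path, code: m[1] });
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => collectExpressions(v, `${path}[${i}]`, out));
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) {
      collectExpressions(v, `${path}.${k}`, out);
    }
  }
}

// Audit an exported workflow: one finding per expression the validator
// rejects, naming the node and parameter so a reviewer can inspect it.
function auditWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes) {
    const exprs = [];
    collectExpressions(node.parameters || {}, 'parameters', exprs);
    for (const { path, code } of exprs) {
      try {
        validateExpression(code);
      } catch (err) {
        if (!(err instanceof ExpressionError)) throw err;
        findings.push({ node: node.name, parameter: path, error: err.message });
      }
    }
  }
  return findings;
}

// Constructed sample export (not data from any real n8n instance).
const SAMPLE_WORKFLOW = {
  nodes: [
    { name: 'Set', parameters: { values: { string: [{ name: 'greeting', value: '=Hello {{ $json.name }}' }] } } },
    { name: 'Code', parameters: { jsCode: '={{ with ($json) { name } }}' } },
    { name: 'HTTP', parameters: { url: '=https://example.invalid/{{ $json.id }}', headers: { note: '={{ "process is only a word here" }}' } } },
    { name: 'Debug', parameters: { value: '={{ process.version }}' } },
  ],
};

console.log(auditWorkflow(SAMPLE_WORKFLOW));
```

On a real export, parse the JSON and pass it to auditWorkflow; each finding names the node and parameter path to review. The validator fails closed: any bare reference to a reserved name is flagged, so a legitimate field that happens to be called process will show up as a finding and needs a human look rather than an automatic pass.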
How to Mitigate CVE-2026-1470
Immediate Actions Required
- Update n8n to the latest patched version containing commit aa4d1e5825829182afa0ad5b81f602638f55fa04
- Audit all existing workflows for suspicious or unexpected expressions
- Review user accounts and revoke access for any unauthorized or unnecessary accounts
- Implement network segmentation to limit the blast radius of potential compromise
Patch Information
The vulnerability has been addressed in the n8n codebase through commit aa4d1e5825829182afa0ad5b81f602638f55fa04. The patch introduces new error classes that explicitly block the use of reserved variables and with statements in expressions. Organizations should update to a version containing this fix. For detailed technical analysis of the vulnerability, refer to the JFrog Vulnerability Report.
Workarounds
- Restrict n8n access to only trusted users and implement strict authentication controls until patching is complete
- Place n8n instances behind a reverse proxy with additional authentication layers
- Implement network-level access controls to limit who can reach the n8n interface
- Consider temporarily disabling workflow creation and editing capabilities for non-administrative users
# Example: Restrict network access to n8n using iptables
# Allow only trusted IP ranges to access n8n port (default 5678)
iptables -A INPUT -p tcp --dport 5678 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 5678 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.